[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian LTS and ELTS - April 2023

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.


- Front Desk
  - Mark 6 packages for update
  - Triage or precise triage for 10+ CVEs
  - Update a few pending packages status
  - Report issues about 2 recent DLAs to contributors

- golang-1.11
  - Sync past bullseye CVE fixes to buster (first DLA)
  - Fix build issue when using 'debuild' tool
  - Investigate and fix test suite issues on arm64 buildds
  - DLA-3395-1
  - Investigate and fix new test suite issues on 32-bit armhf system
    on 64-bit host (thanks to carnil and pochu for their assistance)
  - DLA-3395-2


- Front Desk
  - Associate CVEs from newer, branched 'emacs*', 'golang-*',
    'ruby2.*' and 'tomcat*' Debian packages to older ELTS packages
  - Mark 5 supported packages for update
  - Triage or precise triage for 15+ CVEs

- golang-1.7
  - Re-check following work on golang-1.11 in LTS
  - Impacted CVEs already fixed, nothing to do

Documentation and tooling

- Follow-up again on obsolete but supported packages that may lack
  active CVE triage (such as python2)
  - Continue discussion with the Debian Security Team
  - Add 'gnupg1' to security-support-limited
  - Match python2.7 open CVEs with python3.*, mark python2.7 for update
  - Start matching sqlite open CVEs with sqlite3
  - Prepare LTS-specific transitions file for bin/related-packages.py,
    to do this work again on a regular basis

- LTS Documentation
  - TestSuites: golang: documentation following buster first DLA

- Clarify internal warning about planned unsupported ELA

- Help on LTS/ELTS IRC channels

- Team meeting cancelled due to low planned attendance and agenda items

Sylvain Beucler
Debian LTS Team

Reply to: