Debian (E)LTS Work May 2023
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors
LTS:
- golang-yaml.v2
  - CVE-2021-4235
  - CVE-2022-3064
  - Add upstream patch with style fixes for CVE-2022-3064 so
    that we are in line with upstream code if there happens to
    be another security update.
  - Worked on broken tests due to upstream fixes - still working on failing i386
    test.
  https://salsa.debian.org/lts-team/packages/golang-yaml.v2
- python-oslo.privsep
  - CVE-2022-38065 has been marked as Won't-fix/Hardening opportunity upstream.
    It was mentioned the fix was easy but tedious. It is a consumer design flaw
    issue. After extensive research into fixing this I deemed it too large / out of
    scope. Added notes to dla-needed.txt
Misc:
Claimed lts-extra-task to develop an lts team view in package tracker for
no-dsa packages.
- Set up my environment to do said work.
Processed some NFUs
Team monthly meeting
Thanks,
Scarlett