Debian LTS and ELTS - August 2023
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors
LTS
- Front Desk (week 32)
- Mark 15 packages for update
- Triage or precise triage for 20+ CVEs
- Investigate current status for long-standing packages
- Clean-ups/precisions in work queue and package database
- Help other contributors with triage questions
- Peer-review Go guidelines RFC from Roberto
https://lists.debian.org/debian-go/2023/08/msg00023.html
- python-git
- Minor follow-up for last month update
- CVE issued for incomplete fix discovered during backport;
reference it
- gawk
- Drop from queue, aligning with other dists (postponed minor issue)
- w3m
- DLA 3541-1 (1 CVE)
https://lists.debian.org/debian-lts-announce/2023/08/msg00030.html
- Propose missing follow-up fix for bullseye
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019599#37
ELTS
- Front Desk (week 31 2/2, week 32)
- Associate CVEs from newer, branched Debian packages with different
names to older ELTS packages (openssl*, python*, ruby*, golang*,
postgresql*, php*)
- Mark 9 supported packages for update
- Triage or precise triage for 30+ CVEs
- Investigate current status for long-standing packages
- Help other contributors with triage questions (e.g. runc package)
- Review history of newly supported packages (new customer)
- Exceptional 2 weeks in a row, some of the early triage involved
LTS triaging as a side effect
- twisted
- Minor follow-up for last month update
- Get Git branches merged in upstream repository
- puppet-module-puppetlabs-mysql
- Drop package from queue (minor issue with breaking changes)
- w3m
- ELA-931-1 (1 CVE, stretch & jessie)
https://www.freexian.com/lts/extended/updates/ela-931-1-w3m/
- flask
- Drop for jessie (already fixed but confusing CVE attribution)
- ELA-940-1 (2 CVEs, stretch)
https://www.freexian.com/lts/extended/updates/ela-940-1-flask/
Documentation and tooling
- Experiment with a GitLab issue-based workflow for package updates,
potential replacement for the current git- and file-based workflow
- Help clarify goals
- Draft issue template
- Open 18 issues (as part of Front Desk duty)
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/?state=all&label_name%5B%5D=DLA
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/?state=all&label_name%5B%5D=ELA
- Write-up personal DLA and ELA workflow for use a check-list
(while preparing updates for w3m and flask)
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/42#note_421977
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/36#note_423686
- LTS Documentation
- information-for-lts-contributors (internal): clarifications
- Tooling
- queue report ('find-work'): link tracker package status page
- Help newcomers on IRC
- Jitsi team meeting
--
Sylvain Beucler
Debian LTS Team
Reply to: