[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian LTS and ELTS - October 2024

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors


LTS

- Front-Desk (week 40, continued)
  - Mark 10 packages for update
  - Triage or precise triage for a few CVEs and packages
  - Re-check Git situation due to regressions in bookworm
    (LTS/ELTS not affected)
  - Follow-up on horde and ckeditor supportability
    https://lists.debian.org/debian-lts/2024/10/msg00003.html
  - Follow-up on DOMPurify CVE assignments
    (Debian Security Team, Bastien Roucariès)
    https://deb.freexian.com/extended-lts/tracker/source-package/node-dompurify
    https://lists.debian.org/debian-security-announce/2024/msg00204.html
    (Impacts cacti versions that recently embedded that library for
    security fixes.)
  - Improve process for package additions by coordinator
    (clarity / auditability)


ELTS

- Front-Desk
  - Associate CVEs from newer, branched Debian packages with different
    names to older ELTS packages (golang*, php*, python*, tomcat*,
    unbound*)
  - Mark 12 supported packages for update
  - Triage or precise triage for <10 CVEs and packages
  - Internal discussion on binutils/libiberty supportability

- ELTS tracker maintenance
  - Fix-up discrepancies between main and ELTS tracker for package
    wordpress, leading to multiple e-mail alerts per hour
  https://deb.freexian.com/extended-lts/tracker/source-package/wordpress


Documentation and tooling

- Internal discussion on handling/prioritizing work on bookworm and
  above, outside of LTS perimeter, but impacting future LTS suites.
  See also meeting notes below.

- Pre-LTS bullseye build logs declassification
  - Test build log import by Wanna-Build Team
    https://buildd.debian.org/status/package.php?suite=bullseye-security&p=SOURCE_PACKAGE
  - Notify coordinator on incorrect date range (2023-01->2024-07
    rather than 2022->2024-08)
  - Missing build logs requested, probably not going to happen

- Jitsi meeting
  Acted as secretary
  https://lists.debian.org/debian-lts/2024/10/msg00044.html

-- 
Sylvain Beucler
Debian LTS Team
Reply to: