Debian LTS and ELTS - November 2025
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors
LTS
- Front-Desk (week 45)
- Mark 6 packages for update, drop 11 packages
- Triage or precise bullseye triage for >25 CVEs
- Tidy work queue and team package information for OpenStack
packages, and Samba
- Harmonize Go bullseye triage, reference old stalled uploads that
weren't actually published to Debian for technical reasons
- Mark 5 packages for SPU
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues
- qtbase-opensource-src
- Document how to enable and run the testsuite (see documentation below)
- Import missing versions in Git
- Setup Salsa CI and git-buildpackage
- Fix some lintian issues to make CI reports more usable
- Attempt to run/fix http2 tests but eventually give up
Rely on reverse dependencies tests and autopkgtest instead
- DLA 4387-1
https://lists.debian.org/debian-lts-announce/2025/11/msg00031.html
- keras
- Fix previous incorrect triage
- Propose for EOL or limited-support for bullseye
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/281
- libwebkit2gtk
Further testing for an old issue with a new report, still cannot reproduce
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112227
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101807
- hdf5
Help with EOL effort
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117607
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/52
https://salsa.debian.org/debian/hdf5/-/merge_requests/1
- grub2
Help with unblocking the bookworm update
ELTS
- Front-Desk (week 45)
- Mark 13 supported packages for update, dropped 2 packages
- Triage or precise bullseye triage for a handful of CVEs
- Tidy work queue and update status for 3 packages
- Associate CVEs from newer, branched Debian packages with different
names to older ELTS packages (golang*, libhtp/suricata, netty*,
openssl*, postgresql*, python*, ruby*, sqlite*, squid*, tomcat*,
unbound*); reference goldendict/goldendict-ng for future checks.
- Review history of newly supported packages
- Drop internal jessie package support information, for clearer
search results
- Clean-up obsolete and unimportant-priority ELTS entries
- qtbase-opensource-src
- Common work with LTS
- CVE-2015-9541 (2020): backport test for buster, fix for stretch
- ELA-1584-1 for buster
https://www.freexian.com/lts/extended/updates/ela-1584-1-qtbase-opensource-src/
- ELA-1585-1 for stretch
https://www.freexian.com/lts/extended/updates/ela-1585-1-qtbase-opensource-src/
- libapache2-mod-auth-openidc
- Propose autopkgtest fix for unstable
https://salsa.debian.org/debian/libapache2-mod-auth-openidc/-/merge_requests/6
- Start setting up a test environment
- To be continued next month
Common documentation and tooling
- Public documentation
- ARM development
Test Debian13- and QEMU-based VM creation and snapshots
Rework introduction
Reference sbuild/unshare deployment on porterboxes, allowing ELTS usage
https://lts-team.pages.debian.net/howtos/arm-debug.html
- Development
- DLA work assessment: rework, insisting on consistency within
Debian: prepare a SPU along with a DLA to fix the same CVEs in all
dists, including the ones that were fixed in the past. Link Salsa
issues and explanatory videos.
https://lts-team.pages.debian.net/wiki/Development.html#prepare-the-update
https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/25
- Building the final source package / .dsc: regroup info in main section
https://lts-team.pages.debian.net/wiki/Development.html#building-the-final-dsc
- Debusine regression testing work-around
https://lts-team.pages.debian.net/wiki/Development.html#test-the-update
- Front-Desk: recommend sending a recap to the next FD person
https://lts-team.pages.debian.net/front-desk.html
- Technical workflows: more sbuild examples; colored debdiff;
clarify issues with --source-only-changes
https://lts-team.pages.debian.net/technical-workflows.html
- TestSuites
- qtbase-opensource-src: new entry
https://lts-team.pages.debian.net/wiki/TestSuites/qtbase-opensource-src.html
- autopkgtest: reference unshare backend, with troubleshooting
https://lts-team.pages.debian.net/wiki/TestSuites/autopkgtest.html
Closing issue on handling ELTS images
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/79
- golang: clarify code
https://lts-team.pages.debian.net/wiki/TestSuites/golang.html
- git-workflow: address confusing error with GBP and overlay repositories
https://lts-team.pages.debian.net/git-workflow-lts.html#overlay-repositories
- Meetings: drop old note about jitsi.debian.social downtime
https://lts-team.pages.debian.net/wiki/Meetings.html
- Documentation October recap
https://lists.debian.org/debian-lts/2025/11/msg00019.html
- Private documentation
- Update ./find-work usage, following LTS-ELTS Team Merger
- Upload procedure: clarify issues with --source-only-changes;
further troubleshooting
- Issue templates
- Incomplete package update: update git-workflow status
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/new?description_template=Incomplete%20package%20update
- SPU (Stable Point Update)
Automate template some more with GitLab quick actions; drop one field
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/new?description_template=SPU
- Tooling
- lts-missing-uploads: cancel drop, document script purpose and fix it
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/240
https://gitlab.com/freexian/services/deblts-team/debian-lts/-/issues/90
- gen-DLA: check CVE/package consistency before issuing a DLA; merged!
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/61
https://salsa.debian.org/security-tracker-team/security-tracker/-/issues/43
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/226
- package-operations: drop ./ from default commit message [private tool]
- Debusine
- binary debdiff: incorrect packages pairing
https://salsa.debian.org/freexian-team/debusine/-/issues/1176
- Server Error (500) when browsing incomplete autopkgtest result
https://salsa.debian.org/freexian-team/debusine/-/issues/1189
- libvirt
- CVE-2025-13193: data leak for new offline external snapshots
Discovery, responsible disclosure
bookworm and earlier not affected (no external snapshots yet)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120119
https://www.cve.org/CVERecord?id=CVE-2025-13193
- Merge multiple issues with external snapshots and apparmor
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932456
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093955
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061725
- Help other team members on IRC
- Team meeting (IRC)
https://meetbot.debian.net/debian-lts/2025/debian-lts.2025-11-27-14.00.html
--
Sylvain Beucler
Debian LTS Team
Reply to: