Debian LTS and ELTS - March 2026
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors
LTS
- p7zip / p7zip-rar
- Continue work from past month (the p7zip fork is now unmaintained,
and (newer) 7zip package doesn't share details on individual CVE
fixes, hampering security support)
- Prepare OldStable Proposed Update (OSPU) for 7zip:
https://bugs.debian.org/1129934
- Prepare p7zip and p7zip-rar replacements, based on 7z 25.01 with
compatibility patches, from bookworm to stretch
- Sync p7zip and 7zip CVEs on the security tracker;
reference lzma embedded in 7zip (embedded-code-copies)
- Coordinate with security team
https://lists.debian.org/debian-lts/2026/03/msg00009.html
- Test:
- Setup to Salsa-CI
- Setup debusine "experiment" to test p7zip and p7zip-rar together
- Manually test reverse dependencies
- Find and test (illegal) usage of private 7z.so
- Doc fixes in 7zip/sid
https://salsa.debian.org/debian/7zip/-/merge_requests/16
- Front Desk (week 13 2026)
- Mark 15 packages for update, drop 5 packages
- Triage or precise bullseye triage for ~40 CVEs
- Tidy work queue and team package information for 3 packages
- Exchange with coordinator on handling of additional vulnerability
data for Freexian (to comply with new EU laws, among others)
- Prepare FD week by helping around:
python3.x guidance
https://lists.debian.org/debian-lts/2026/03/msg00015.html
samba and sudo support scope (via IRC)
- E-mail awstats uploader about fixing unstable/trixie/bookworm
- Send recap to next FD
ELTS
- p7zip / p7zip-rar
Shared work with LTS, see above.
- Front Desk (week 13 2026)
- Mark 15 supported packages for update
- Triage or precise bullseye triage for >20 CVEs
- Tidy work queue and update status for 3 packages
- Associate CVEs from newer, branched Debian packages with different
names to older ELTS packages (freerdp*, golang*, mongodb*, netty*,
python*, sqlite*, squid*)
- Clean-up obsolete and unimportant-priority ELTS entries
- Revert 1 misplaced LTS commit from the ELTS repository
Common documentation and tooling
- Public documentation
- Technical workflows
- New section on enabling ccache for repeated builds
https://lts-team.pages.debian.net/technical-workflows.html#ccache
- New section on using debusine experiments
(LTS-oriented recap, to test multiple updated packages at once)
https://lts-team.pages.debian.net/technical-workflows.html#debusine-staging
- Debian Wiki: DebusineDebianNet
Link similar features 'create-experiment' and 'Repositories'
https://wiki.debian.org/DebusineDebianNet?action=diff&rev2=48&rev1=47
- February recap
https://lists.debian.org/debian-lts/2026/03/msg00011.html
- Private documentation
- Priority: document packages with no known users
(no sponsors, low popcon)
- Reference DebusineDebianNet as a page to watch
- New bin/elts-sync-renamed-packages (see below)
- Drop obsolete section on semi-automatic package unclaim
- Tooling
- Security Tracker: bin/lts-bts: drop obsolete script
- ELTS Security Tracker: bin/elts-sync-renamed-packages
Friendly wrapper for bin/related-cves.py, which is a kind of swiss
army knife, using it directly proved error-prone.
Introduce this new specific script for ELTS front desk.
- debusine: report issues
Break debusine.debian.net ;)
https://salsa.debian.org/freexian-team/debusine/-/issues/1366
Allow replacing a package in experiments
https://salsa.debian.org/freexian-team/debusine/-/issues/1368
- Team meeting (IRC)
https://meetbot.debian.net/debian-lts/2026/debian-lts.2026-03-26-14.00.html
--
Sylvain Beucler
Debian LTS Team
Reply to: