Debian LTS and ELTS - August 2021

Wed, 01 Sep 2021 09:59:27 -0700 

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors


LTS

– openexr
  – DLA 2732-1
    https://lists.debian.org/debian-lts-announce/2021/08/msg00008.html
  – Clarify (non-)impact of CVE-2021-23215 fix

– CVEs triage
  – common triaging work related to ELTS front-desk duty
  – global triage / versioning precisions: ckeditor, modsecurity-crs,
    qt*, sssd, fig2dev
  – clarify long-standing packages status (python-babel, mosquitto)
  – coordinate with contributors performing conflicting triaging


ELTS

– openexr
  – common work with LTS
  – ELA-469-1
    https://deb.freexian.com/extended-lts/updates/ela-469-1-openexr/

– front-desk duty
  – triage jessie vulnerabilities: courier, apache2, ckeditor,
    glances, hivex, libgd2, modsecurity-crs, perl, qt, sssd, qemu,
    transfig, cpio

– non-front-desk CVEs triage
  – libonig: mark CVE-2020-26159 for revert
  – fix duplicate causing database errors
  – notified FD about now-unsupported package triage


Documentation and tooling

– Tracking related source packages
  https://lists.debian.org/debian-lts/2021/08/msg00045.html
  https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/2
  https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/12
  
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/88
  Write new flexible tool to help with specific triaging issues, especially:
  – decision support with packages whose code in embedded into others
  – automatically tracking CVEs for old renamed packages (ELTS)
  Coordinate with security team for official inclusion in shared repo

– bin/give-back-hours: sync fixes lts->elts

– Reference golang security rationale for newly-released bullseye
  https://wiki.debian.org/LTS/TestSuites/golang

– Suggest standard tracking for non-standard issues
  https://lists.debian.org/debian-lts/2021/08/msg00010.html

– Check amd64-microcode status following users report
  https://lists.debian.org/debian-lts/2021/08/msg00056.html

– Team meeting (Jitsi)


-- 
Sylvain Beucler
Debian LTS Team

Reply via email to