Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
LTS
Note: LTS was inactive during July, as stretch moved to ELTS, but
buster remained under standard Debian security support until August.
- front-desk / buster preparation
- data/dla-needed.txt: reference workflow during buster transition (July)
- data/dla-needed.txt: warn about conflict with proposed-updates (August)
- ffmpeg: clean-up buster status (reference CVEs fixed by DSA-5126-1)
- php: identify patches for CVE-2022-31625 and CVE-2022-31626
- slurm-llnl: discuss EOL status
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/39
ELTS
- front-desk
- Mark 8 supported packages for update
- Associate CVEs with 7 related/renamed supported packages
- Set vulnerability status for 6 CVEs, add information to others
- Report webkit* support limitations
Documentation and tooling
- Discussions
- Rationale on lts-cve-triage.py "to be fixed or <ignored>" recommendation
https://lists.debian.org/debian-lts/2022/07/msg00036.html
- Decide what to do with the <no-dsa> CVEs: contribute opinion
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/38
- LTS documentation: fix a couple migration issues
- IRC meeting
--
Sylvain Beucler
Debian LTS Team
