Debian LTS and ELTS - June 2023

Sat, 01 Jul 2023 07:09:11 -0700 

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors


LTS

- openssl
  - Reference/refresh recent patches in the security tracker
  - DLA 3449-1 (4 CVEs)
    https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

- ffmpeg
  - Track fixed CVEs in past upload
  - DLA 3454-1 (4.1.10->4.1.11 upgrade, with unregistered vulnerabilities)
    https://lists.debian.org/debian-lts-announce/2023/06/msg00016.html

- python-werkzeug/bullseye upcoming DSA
  - Review (based on my DLA 3346-1 for the same package)

- Front-Desk
  - Mark 16 packages for update
  - Triage or precise triage for 15+ CVEs
  - Request new CVE for package 'osslsigncode'
  - Clean-ups/precisions in work queue and package database
  - Follow-up on upload-related issues


ELTS

- sysstat
  - ELA-866-1 (1 CVE)
    https://www.freexian.com/lts/extended/updates/ela-866-1-sysstat/

- Front Desk
  - Associate CVEs from newer, branched Debian packages with different
    names to older ELTS packages (emacs*, golang*, netty*, openssl*,
    php*, python*, tomcat*)
  - Mark 11 supported packages for update
  - Triage or precise triage for 10+ CVEs
  - Clean-ups/precisions in work queue


Documentation and tooling

- Continue discussion on making stable-security build logs public
  after package release, now involving other teams
  https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/51
  https://lists.debian.org/debian-lts/2023/06/msg00001.html

- Tooling: continue to revamp work queue report ('find-work')
  (private tooling planned to be made public)
  - Continue clean-up and finish review processes
  - Convert work queues (dla_needed.txt, ela_needed.txt) to drop
    duplicate information
  - Display warning if the Debian package maintainer requests
    involvement in LTS uploads (from 'data/packages/lts-do-call-me')
  - Display age in the work queue for each planned upload

- LTS Documentation
  - TestSuites: ffmpeg: refresh for buster
    https://lts-team.pages.debian.net/wiki/TestSuites/ffmpeg.html
  - TestSuites: golang: refresh uploads involving reverse-dependencies
    
https://lts-team.pages.debian.net/wiki/TestSuites/golang.html#finding-reverse-build-dependencies
  - TestSuites: refresh index, fix mark-up
    https://lts-team.pages.debian.net/wiki/TestSuites.html
    https://lts-team.pages.debian.net/wiki/TestSuites/php.html
  - Development: drop coordinator work from front-desk section,
    update/simplify 'package-operations' documentation,
    clarify debian-archive-keyring rationale
    https://lts-team.pages.debian.net/wiki/Development.html

- Guide non-security LTS upload from non-team contributor
  https://bugs.debian.org/1039489

- Continue internal discussions on packages claimfiles format/workflow

- Jitsi team meeting

-- 
Sylvain Beucler
Debian LTS Team

Reply via email to