
Debian LTS and ELTS - May 2022



Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors


LTS

- front-desk
  - Leverage last month's new report on missing buster updates in LTS
    - Mark 30 packages for update
    - Clarify or fix triage for 11 packages
    - Report: https://lists.debian.org/debian-lts/2022/05/msg00058.html
  - Mark 14 packages for update (regular front-desk triage workflow)
  - Set vulnerability status for 15 CVEs
  - Clarify postgresql-9.6 and nvidia-graphics-drivers-legacy-340xx status
    https://lists.debian.org/debian-lts/2022/05/msg00055.html
    https://lists.debian.org/debian-lts/2022/05/msg00057.html
  - Help fix incomplete announcement for DLA-2962-2 and DLA-3017-1

- rsyslog
  - Clarify related CVEs
  - Fix flaky tests in test suite on arm/slow architectures
  - DLA-3016-1
    https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html

- ckeditor (v4)
  - Assess supportability, probably requires mass upgrade
  - Postpone pending ckeditor3 status

- ckeditor3
  - Coordinate support status with maintainer and security team
    https://lists.debian.org/debian-lts/2022/05/msg00018.html
  - Mark EOL for stretch
    https://salsa.debian.org/debian/debian-security-support/-/merge_requests/14

- libdbi-perl
  - DLA-3035-1
    https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html


ELTS

- front-desk
  - Common work with LTS
  - Leverage last month's new report on missing buster update in LTS
    - Mark 8 supported packages for update
  - Associate CVEs with 3 renamed supported packages
  - Mark 2 packages for update
  - Set vulnerability status for 13 CVEs

- ckeditor (v4)
  - Drop support (actually unused in jessie)

- rsyslog
  - Common work with LTS
  - No update (no affected CVEs, nothing to do for now)

- libdbi-perl
  - Common work with LTS
  - ELA-620-1
    https://deb.freexian.com/extended-lts/updates/ela-620-1-libdbi-perl/


Documentation and tooling

- LTS documentation
  - CVEs triage: add reference to introductory commit when <not-affected>
    https://wiki.debian.org/LTS/Development?action=diff&rev2=291&rev1=290
  - gen-DLA now removes obsolete triage
    https://wiki.debian.org/LTS/Development?action=diff&rev2=294&rev1=293
  - ffmpeg testing: link our libav (past fork) documentation
    https://wiki.debian.org/LTS/TestSuites/ffmpeg?action=diff&rev2=4&rev1=3
  - Wiki notifications HOWTO for the LTS namespace (internal documentation)

- security-tracker: lts-cve-triage.py
  - Clarify intent and recommend against downgrading report priority
    https://lists.debian.org/debian-lts/2022/05/msg00035.html
    https://lists.debian.org/debian-lts/2022/05/msg00038.html
  - Clarify report label and document expected front-desk action

- Internal discussions
  - Recommend keeping documentation in the wiki and ad-hoc READMEs
  - Recommend leaving git-based workflow optional

- Help LTS newcomers on IRC

-- 
Sylvain Beucler
Debian LTS Team

