Debian LTS and ELTS - May 2022
Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
LTS
- front-desk
- Leverage last month's new report on missing buster updates in LTS
- Mark 30 packages for update
- Clarify or fix triage for 11 packages
- Report: https://lists.debian.org/debian-lts/2022/05/msg00058.html
- Mark 14 packages for update (regular front-desk triage workflow)
- Set vulnerability status for 15 CVEs
- Clarify postgresql-9.6 and nvidia-graphics-drivers-legacy-340xx status
https://lists.debian.org/debian-lts/2022/05/msg00055.html
https://lists.debian.org/debian-lts/2022/05/msg00057.html
- Help fix incomplete announcement for DLA-2962-2 and DLA-3017-1
- rsyslog
- Clarify related CVEs
- Fix flaky tests in test suite on arm/slow architectures
- DLA-3016-1
https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html
- ckeditor (v4)
- Assess supportability, probably requires mass upgrade
- Postpone pending ckeditor3 status
- ckeditor3
- Coordinate support status with maintainer and security team
https://lists.debian.org/debian-lts/2022/05/msg00018.html
- Mark EOL for stretch
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/14
- libdbi-perl
- DLA-3035-1
https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html
ELTS
- front-desk
- Common work with TLS
- Leverage last month's new report on missing buster update in LTS
- Mark 8 supported packages for update
- Associate CVEs with 3 renamed supported packages
- Mark 2 packages for update
- Set vulnerability status for 13 CVEs
- ckeditor (v4)
- Drop support (actually unused in jessie)
- rsyslog
- Commmon work with LTS
- No update (no affected CVEs, nothing to do for now)
- libdbi-perl
- Commmon work with LTS
- ELA-620-1
https://deb.freexian.com/extended-lts/updates/ela-620-1-libdbi-perl/
Documentation and tooling
- LTS documentation
- CVEs triage: add reference to introductory commit when <not-affected>
https://wiki.debian.org/LTS/Development?action=diff&rev2=291&rev1=290
- gen-DLA now removes obsolete triage
https://wiki.debian.org/LTS/Development?action=diff&rev2=294&rev1=293
- ffmpeg testing: link our libav (past fork) documentation
https://wiki.debian.org/LTS/TestSuites/ffmpeg?action=diff&rev2=4&rev1=3
- Wiki notifications HOWTO for the LTS namespace (internal documentation)
- security-tracker: lts-cve-triage.py
- Clarify intent and recommend against downgrading report priority
https://lists.debian.org/debian-lts/2022/05/msg00035.html
https://lists.debian.org/debian-lts/2022/05/msg00038.html
- Clarify report label and document expected front-desk action
- Internal discussions
- Recommend keeping documentation in the wiki and ad-hoc READMEs
- Recommend leaving git-based workflow optional
- Help LTS newcomers on IRC
--
Sylvain Beucler
Debian LTS Team
Reply to: