Here is my transparent report for my work on the Debian Long Term
Support (LTS) <https://wiki.debian.org/LTS> and Debian Extended Long
Term Support (ELTS) <https://wiki.debian.org/LTS/Extended%20project>,
which extend the security support for past Debian releases, as a paid
contributor.
In September, the monthly sponsored hours were split evenly among
contributors depending on their max availability - I was assigned 19.75h
for LTS (out of my 30 max; all done) and 20h for ELTS (out of my 20 max;
all done).
/ELTS - Jessie/
* qemu: jessie triage: finish work started in August
* qemu: backport 5 CVE fixes, perform virtual and physical testing,
security upload ELA-283-1
<https://deb.freexian.com/extended-lts/updates/ela-283-1-qemu/>
* libdbi-perl: global triage: clarifications, confirm incomplete
<https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911578>
and attempt to get upstream action, request new CVE
<https://blog.beuc.net/CVE-2014-10402> following discussion with
security team
* libdbi-perl: backport 5 CVE fixes, test, security upload ELA-285-1
<https://deb.freexian.com/extended-lts/updates/ela-285-1-libdbi-perl/>
/LTS - Stretch/
* qemu: stretch triage, while working on ELTS update; mark several
CVEs unaffected, update patch/status
* wordpress: global triage: reference new patches, request proper CVE
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25286> to
fix our temporary tracking
* wordpress: revamp package: upgrade to upstream's stable
4.7.5->4.7.18 to ease future updates, re-apply missing patches, fix
past regression and notify maintainer, security upload DLA-2371-1
<https://lists.debian.org/debian-lts-announce/2020/09/msg00011.html>
* libdbi-perl: common work with ELTS, security upload DLA-2386-1
<https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html>
* public IRC team meeting
<http://meetbot.debian.net/debian-lts/2020/debian-lts.2020-09-24-14.58.html>
/Documentation/Scripts/
* LTS/TestSuites/wordpress
<https://wiki.debian.org/LTS/TestSuites/wordpress>: new page with
testsuite import and manual tests
* LTS/TestSuites/qemu <https://wiki.debian.org/LTS/TestSuites/qemu>:
minor update
* wiki.d.o/Sympa <https://wiki.debian.org/Sympa>: update Sympa while
using it as a libdbi-perl reverse-dep test (update for newer
versions, explain how to bootstrap admin access)
* www.d.o/lts/security <https://www.debian.org/lts/security/2020/>:
import a couple missing announcements and notify uploaders about
procedures
* Check status
<https://lists.debian.org/debian-lts/2020/09/msg00024.html> for
pdns-recursor, following user request
* Check status
<https://lists.debian.org/debian-lts/2020/09/msg00028.html> for
golang-1.7 / CVE-2019-9514 / CVE-2019-9512
* Attempt <https://lists.debian.org/debian-lts/2020/09/msg00051.html>
to improve cooperation after seeing my work discarded and redone
as-is, which sadly isn't the first time; no answer
* Historical analysis of our CVE fixes: experiment to gather per-CVE
tracker history
--
https://blog.beuc.net/posts/Debian_LTS_and_ELTS_-_September_2020/
