Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors
LTS
- qemu
- triage pending vulnerabilities
- have upstream clarify CVE-2020-17380 with a new CVE-2021-3409
- DLA 2560-1: group 8 pending medium-severity CVEs
https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
- php-horde-text-filter
- DLA 2564-1
https://lists.debian.org/debian-lts-announce/2021/02/msg00028.html
- golang
- initial triage and backport, to be continued next month
- Documentation and tooling
- Generate a list of packages that have had (recurrent) security
updates and would benefit from a DEP-8 (autopkgtest) suite
https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/1#note_216446
- Security tracker's web interface: sort CVEs correctly
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/76
- Support for insecure applications: provide point
https://lists.debian.org/debian-lts/2021/02/msg00035.html
- Reference dose-deve for finding reverse /build/ dependencies
https://wiki.debian.org/LTS/Development#Test_the_update
- Golang testsuite and specific security approach
https://wiki.debian.org/LTS/TestSuites/golang
- Lead discussion on better tracking vulnerabilities across
renamed/related packages
https://lists.debian.org/debian-lts/2021/02/msg00083.html
- Keyring issues: write-up
https://lists.debian.org/debian-lts/2021/02/msg00091.html
ELTS
- qemu
- common work with LTS
- ELA 364-1
https://deb.freexian.com/extended-lts/updates/ela-364-1-qemu/
- ntp backport (context-specific sponsor request)
- php-horde-text-filter
- common work with LTS
- ELA 365-1
https://deb.freexian.com/extended-lts/updates/ela-365-1-php-horde-text-filter/
- imagemagick
- explain past triage in the context of an upcoming ELA
- golang
- common work with LTS, to be continued next month
- fix test suite
--
Sylvain Beucler
Debian LTS Team
