Debian LTS and ELTS - April 2021

[Sylvain Beucler]

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for handling 
the offering.
https://www.freexian.com/services/debian-lts.html#sponsors

LTS

– php-pear / Archive_Tar
  – Fix test suite
  – DLA 2621-1
    https://lists.debian.org/debian-lts-announce/2021/04/msg00007.html
– ruby-nokogiri: triage
– zabbix
 – upgrade stretch to final 3.0.x version
 – global CVE triage
 – DLA 2631-1
   https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html
– libspring-java
  – global triage: identify some patches, request help from upstream
    https://github.com/spring-projects/spring-framework/issues/26821
  – DLA-2635-1
    https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html
– jetty: global CVE triage


ELTS

– triage newly supported packages thanks to new sponsors
– zabbix
  – common work with LTS
  – ELA-406-1
    https://deb.freexian.com/extended-lts/updates/ela-406-1-zabbix/
– libspring-java
  – common work with LTS
  – ELA-408-1
    https://deb.freexian.com/extended-lts/updates/ela-408-1-libspring-java/
– python-bleach: ELA-411-1
  https://deb.freexian.com/extended-lts/updates/ela-411-1-python-bleach/
– jetty: manually track CVEs (due to subsequent package rename)


Documentation and tooling

– Help with give-back procedure, update documentation
  https://lists.debian.org/debian-lts/2021/04/msg00033.html
  https://wiki.debian.org/LTS/Development#Build_the_update
– debian-security-support: automatically report unsupported ecosystems
  (disputed)
  https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/20
  https://bugs.debian.org/986333
  https://salsa.debian.org/debian/debian-security-support/-/merge_requests/10
  https://lists.debian.org/debian-lts/2021/04/msg00028.html
– debian-security-support: fix missing alerts due to bug in version-based check
  (merge pending)
  https://bugs.debian.org/986581
  https://salsa.debian.org/debian/debian-security-support/-/merge_requests/9
– security tracker: sort CVEs as versions, everywhere and in a cleaner way
  (request from March now merged)
  
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/81
– Discuss tracking unbound1.9 (stretch-specific package)
  https://lists.debian.org/debian-lts/2021/04/msg00059.html
– Team meeting (video-conf)
  – Suggest clarifying mandatory/optional participation to project-wide tasks
  – Suggest subscription/access to some other distros' private security repos

-- 
Sylvain Beucler
Debian LTS Team