Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors
LTS
- Front Desk (week 1 2025/2026, second half)
- Mark 9 packages for update, drop 1 package
- Triage or precise bullseye triage for >15 CVEs
- Mark 1 package for SPU
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues
- p7zip / p7zip-rar
- The p7zip fork is now unmaintained, and (newer) 7zip package doesn't
share details on individual CVE fixes, hampering security support
- Investigate a path forward with Security Team and 7zip package
maintainer, to avoid full EOL (end-of-life)
https://lists.debian.org/debian-lts/2026/01/msg00022.html
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/306
- Mark p7zip out of support for future bookworm-lts
- python3.x
- Coordinate python3.11/3.13 (bookworm/trixie) update with Andrej,
who recently updated python3.9 (DLA 4445-1)
- Andrej will handle stable/oldstable while I handle ELTS (below)
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/308
- Associate 2 missing Python standard library CVEs to pypy3
- Front Desk (week 5)
- Another FD slot this month, as previous slot started in 2025
and we shuffled anew in 2026
- Mark 8 packages for update, drop 1 package
- Triage or precise bullseye triage for >50 CVEs
- Tidy work queue and team package information for 2 packages
- Mark 1 package for SPU
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues
- Attempt to locate 3 specific openexr fixes
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123963
- python-ply: proposal for EOL (end-of-life)
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/320
- Ping pending xrdp tasks
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/276#note_719372
https://salsa.debian.org/lts-team/lts-updates-tasks/-/work_items/211#note_719371
- Answer single patch proposal for qemu
https://lists.debian.org/debian-lts/2026/01/msg00015.html
- hdf5: help with EOL (end-of-life) process
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/52#note_709836
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117607
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
- keras: get EOL process finalized
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/53
ELTS
- Front Desk (week 1 2025/2026, second half)
- Mark 13 supported packages for update, dropped 6 packages
- Triage or precise bullseye triage for <10 CVEs
- Tidy work queue and update status for 2 packages
- Associate CVEs from newer, branched Debian packages with different
names to older ELTS packages (php*, python*, ruby*)
- Review history of newly supported packages
- Warn contributor about issue in gimp ELA which fixed different
CVEs in buster and stretch, which requires specific handling
- mailman
- drop package from work queue (only disputed CVEs)
- samba
- Document basic testing (see below)
- Setup Windows 11 Enterprise for testing (see below)
- ELA-1611-1
https://www.freexian.com/lts/extended/updates/ela-1611-1-samba/
- p7zip / p7zip-rar
- Common work with LTS, same supportability issue
- Python variants
- Push Python standard library updates in the supported ELTS Python
ecosystem: python2, python3.5, python3.7, pypy
- Investigate vulnerability status for past and brand new CVEs
- To be continued next month
- Front Desk (week 5)
- Another FD slot this month, as previous slot started in 2025
and we shuffled anew in 2026
- Mark 9 supported packages for update
- Triage or precise bullseye triage for >30 CVEs
- Tidy work queue and update status for 2 packages
- Associate CVEs from newer, branched Debian packages with different
names to older ELTS packages (freerdp*, golang*, gnupg*,
openssl*); reference pypdf2/pypdf for future checks.
- Clean-up obsolete and unimportant-priority ELTS entries
Common documentation and tooling
- Public documentation
- TestSuites
- samba: new entry, basic testing, Windows testing information
https://lts-team.pages.debian.net/wiki/TestSuites/samba.html
- python: reference OpenSUSE Git repository, warn about
PYTHONIOENCODING on Salsa, miscellaneous updates
https://lts-team.pages.debian.net/wiki/TestSuites/python2.html
https://lts-team.pages.debian.net/wiki/TestSuites/python3.html
- autopkgtest: update *-build-qemu (VM creation) for trixie
https://lts-team.pages.debian.net/wiki/TestSuites/autopkgtest.html#full-vm-environment-isolation-machine
- Development
- technical-workflows: fix 'chdist apt $dist source' setup
https://lts-team.pages.debian.net/technical-workflows.html#chdist
- Update bugs.debian.org link for upcoming Point Updates, to avoid time-out
https://lts-team.pages.debian.net/wiki/Development.html#switching-to-the-next-lts-release
https://lts-team.pages.debian.net/front-desk.html#initial-package-triage-for-lts
- Review recent changes and clarify / fix typos
https://lts-team.pages.debian.net/cve-triage.html#cve-status-list-for-lts
https://lts-team.pages.debian.net/wiki/Development.html#special-case-vulnerability-without-a-cve-assignment
- December recap
https://lists.debian.org/debian-lts/2026/01/msg00009.html
- Private documentation
- newly-supported-packages: clean-up empty CVE entries
- review merge requests from new contributor
- Tooling
- Evaluate an Ansible-based setup for testing ELTS/buster and
Windows, from another contributor
https://gitlab.com/lgarrett/ftf/
Doesn't work out-of-the-box quite yet, proposed fixes:
https://gitlab.com/lgarrett/ftf/-/merge_requests/1
https://gitlab.com/lgarrett/ftf/-/merge_requests/2
https://gitlab.com/lgarrett/ftf/-/merge_requests/3
https://gitlab.com/lgarrett/ftf/-/merge_requests/4
- debusine: report issues
piuparts cannot remove sudo
https://salsa.debian.org/freexian-team/debusine/-/issues/1268
autopkgtest support for isolation-machine
https://salsa.debian.org/freexian-team/debusine/-/issues/1273
QA workflow: autopkgtest overview needs further detail
https://salsa.debian.org/freexian-team/debusine/-/issues/1282
- Help other team members
- Git issues in our ffmpeg repository
Analyze our repo repo and charles' fix suggestion
https://salsa.debian.org/lts-team/packages/ffmpeg/
https://lists.debian.org/debian-lts/2026/01/msg00025.html
- Internal discussion how to report excessive packages claims in the
work queue
- Team meeting (IRC)
https://meetbot.debian.net/debian-lts/2026/debian-lts.2026-01-22-14.00.html
--
Sylvain Beucler
Debian LTS Team
