Here is my public monthly report.
Thanks to our sponsors for making this possible, and to Freexian for
handling the offering.
https://www.freexian.com/lts/debian/#sponsors
LTS
- p7zip
- Rebase on 7-Zip v25->v26, to handle 8 new vulnerabilities
- Coordinate with other dists, make it easier to review
https://lists.debian.org/debian-lts/2026/06/msg00006.html
https://bugs.debian.org/1138181#17
- Prepare bookworm Old-Stable Point Update (OSPU), planned mi-July
https://bugs.debian.org/1138759
- Waiting for OSPU review before updating bullseye
- Packages EOL
- spip: EOL validated
https://salsa.debian.org/lts-team/lts-updates-tasks/-/work_items/342
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/66
- zulucrypt: EOL validated
https://salsa.debian.org/lts-team/lts-updates-tasks/-/work_items/362
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/67
- ply: EOL rejected, but unfit for sponsoring / ELTS
https://salsa.debian.org/lts-team/lts-updates-tasks/-/work_items/320
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139317
- p7zip: available again for sponsoring / support, following last
months work
- Packages queue
- Drop 1 package, update 1 package status
- Check planned bookworm OSPU
Drop 2 done, document 1 in-progress, ping 2 (1 got done)
Remaining ones have low priority
https://salsa.debian.org/lts-team/lts-updates-tasks/-/work_items?label_name%5B%5D=%28O%29SPU
ELTS
- p7zip
- Follow LTS work (the p7zip fork is now unmaintained, and (newer)
7zip package doesn't share details on individual CVE fixes,
hampering security support).
https://salsa.debian.org/lts-team/lts-updates-tasks/-/work_items/306
- Improve version output compatibility
- ELA-1742-1 for p7zip
https://www.freexian.com/lts/extended/updates/ela-1742-1-p7zip/
- ELA-1743-1 and ELA-1744-1 for p7zip-rar (not supported)
https://www.freexian.com/lts/extended/updates/ela-1743-1-p7zip-rar/
https://www.freexian.com/lts/extended/updates/ela-1744-1-p7zip-rar/
- Packages queue
Drop 1 package, update 1 package status
- rsync
- Follow LTS work, but handle reported regressions
- Filter and backport huge security branch (80+ patches)
- openat2(2) support is required to address symlink attacks, which
only work on newer, supported ELTS kernel backports. Work-around
missing headers, and ensure rsync still works with stock 4.x ELTS
kernel (with lesser defense-in-depth).
- Reference missing CVEs in DSA/DLA
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/969f41f
- Improve testsuite and propose changes to Debian sid
https://salsa.debian.org/debian/rsync/-/merge_requests/40
- Request review from DLA uploader
Common documentation and tooling
- bookworm LTS handover
- Update tooling to handle bullseye and bookworm at the same time,
for 2.5 months. Minimal changes lts-cve-triage.py and
package-operations.
https://lists.debian.org/debian-lts/2026/06/msg00012.html
- Update Front-Desk workflow, temporarily
https://lts-team.pages.debian.net/front-desk.html#initial-package-triage-for-lts
- Work queue: sync from secteam's data/dsa-needed.txt
- Debian wiki update
- Many updates for the new bookworm LTS
- Improve and harmonize LTS and ELTS support matrix
https://wiki.debian.org/LTS
https://wiki.debian.org/LTS/Extended
- Clean-up/update Team and Funding pages
https://wiki.debian.org/LTS/Team
https://wiki.debian.org/LTS/Funding
- security-tracker clean-ups
- Drop bin/contact-maintainers and support files
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/297#note_763889
https://lists.debian.org/debian-lts/2026/06/msg00020.html
- bin/review-update-needed: document script purpose
- clean-up branch users/roberto/rmadison_review-update-needed
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/50#note_770470
- clean-up branch elts-trim-unimportant (elts)
- Warn that debian-security-support change breaks lts-cve-triage.py
https://salsa.debian.org/debian/debian-security-support/-/merge_requests/68#note_775778
- security-tracker size issues
- Issues related to the size of data/CVE/list, which recently passed
a critical size of 50MB, are piling up.
- Discuss and analyze issue publicly
https://lists.debian.org/debian-security/2026/06/msg00001.html
https://lists.debian.org/debian-security-tracker/2026/06/msg00009.html
- Investigate recompression techniques with helmut
- Investigate splitting+rewriting strategies, following:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908678#189
- security-tracker per-CVE history
Now references original commits, and adjusts commit references
https://salsa.debian.org/lts-team/cvehist
- Move end-user-oriented documentation back to the Debian wiki
https://lists.debian.org/debian-lts/2026/06/msg00038.html
https://wiki.debian.org/LTS/Using
https://wiki.debian.org/LTS/FAQ
https://wiki.debian.org/LTS/Contact
- Public Team documentation
- Many updates for the new bookworm LTS
- Move user-oriented LTS documentation back to the Debian Wiki
- dla-needed.txt: caveats for bookworm-lts's first months
https://salsa.debian.org/security-tracker-team/security-tracker/-/blob/632ac5e4aabdff48c4416bcdb05da280850aa776/data/dla-needed.txt
- Development: reword secteam contact
https://lts-team.pages.debian.net/wiki/Development.html#prepare-the-update
- Development: how to handle partial build failure; drop obsolete
non-free work-around
https://lts-team.pages.debian.net/wiki/Development.html#upload-the-update
- security-tracker: work-around for initial download issues
https://lts-team.pages.debian.net/cve-triage.html#debian-security-tracker
- front-desk: update how to contact the maintainers
https://lts-team.pages.debian.net/front-desk.html#contacting-the-maintainers
- TestSuite
p7zip: new entry
https://lts-team.pages.debian.net/wiki/TestSuites/p7zip.html
OpenStack: reference zigo's summary
https://lts-team.pages.debian.net/wiki/TestSuites/OpenStack.html
- Private documentation
- Review update to ELTS upload procedure and signature handling
- Finishing dropping "common" section: we document LTS as the base,
and ELTS as a delta (no need for 3 common/LTS/ELTS sections).
- Reference security-tracker issues at the public documentation.
- Team & users help
- snapd assessment
https://lists.debian.org/debian-lts/2026/06/msg00030.html
- OpenStack packages in Bullseye
https://lists.debian.org/debian-lts/2026/06/msg00024.html
- Announce DLA-4633-1 for libreoffice (prepared by Rene)
https://lists.debian.org/debian-lts-announce/2026/06/msg00022.html
- Team meeting (Jitsi)
https://lists.debian.org/debian-lts/2026/06/msg00045.html
--
Sylvain Beucler
Debian LTS Team