Here is my public monthly report. Thanks to our sponsors for making this possible, and to Freexian for handling the offering. https://www.freexian.com/services/debian-lts.html#sponsors
LTS - CVEs triage (first half-week of the month) - Add 9 packages for update - Assess vulnerability status for 8 CVEs - Clarify several CVEs status - libreoffice: harmonize CVEs triage and drop update for now - lrzip - Fix/precise triage for 2 unfixed CVEs, reference 5 fixed minor CVEs - Re-open unfixed CVE upstream https://github.com/ckolivas/lrzip/issues/91#issuecomment-1095265583 - Precise triage for other CVEs - DLA-2981-1 https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html - golang-1.7, golang-1.8 - Harmonize with Debian 11.3 - DLA 2985-1, DLA 2986-1 https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html ELTS - CVEs triage (first half-week of the month) - common work with LTS - lrzip - Common work with LTS - Harmonize with stretch - ELA-597-1 https://deb.freexian.com/extended-lts/updates/ela-597-1-lrzip/ - golang - Common work with LTS - ELA-600-1 https://deb.freexian.com/extended-lts/updates/ela-600-1-golang/ Documentation and tooling - security-tracker: lts-cve-triage.py - Tracking oldstable/stable updates suitable for (missing in) LTS https://lists.debian.org/debian-lts/2022/04/msg00011.html - handle '/stable', '/oldstable' notations in dsa-needed.txt e.g. twig/oldstable - support for new 'debian-security-support' patterns - LTS documentation - 'debian-security-support' info https://wiki.debian.org/LTS/Development?action=diff&rev2=287&rev1=286 https://lists.debian.org/debian-lts/2022/04/msg00003.html - triage: precise how to use the 'oldstable' report https://wiki.debian.org/LTS/Development?action=diff&rev2=289&rev1=288 - Internal discussions - Unsupported packages in jessie and stretch ELTS - Documenting specific procedures for packages - Jitsi meeting -- Sylvain Beucler Debian LTS Team