Like each month, have a look at the work funded by Freexian’s Debian LTS offering.
Debian LTS contributors
In May, 18 contributors have been paid to work on Debian LTS, their reports are available:
- Abhijith PA did 6.0h (out of 6.0h assigned and 8.0h from previous period), thus carrying over 8.0h to the next month.
- Anton Gladky did 6.0h (out of 8.0h assigned and 7.0h from previous period), thus carrying over 9.0h to the next month.
- Bastien Roucariès did 17.0h (out of 17.0h assigned and 3.0h from previous period), thus carrying over 3.0h to the next month.
- Ben Hutchings did 17.0h (out of 16.0h assigned and 8.0h from previous period), thus carrying over 7.0h to the next month.
- Chris Lamb did 18.0h (out of 18.0h assigned).
- Daniel Leidert did 0.0h (out of 0h assigned and 12.0h from previous period), thus carrying over 12.0h to the next month.
- Dominik George did 0.0h (out of 0h assigned and 20.34h from previous period), thus carrying over 20.34h to the next month.
- Emilio Pozuelo Monfort did 32.0h (out of 18.5h assigned and 16.0h from previous period), thus carrying over 2.5h to the next month.
- Guilhem Moulin did 20.0h (out of 8.5h assigned and 11.5h from previous period).
- Holger Levsen did 0.0h (out of 0h assigned and 10.0h from previous period), thus carrying over 10.0h to the next month.
- Lee Garrett did 0.0h (out of 0h assigned and 40.5h from previous period), thus carrying over 40.5h to the next month.
- Markus Koschany did 34.5h (out of 34.5h assigned).
- Roberto C. Sánchez did 18.25h (out of 20.5h assigned and 11.5h from previous period), thus carrying over 13.75h to the next month.
- Scarlett Moore did 20.0h (out of 20.0h assigned).
- Sylvain Beucler did 34.5h (out of 29.0h assigned and 5.5h from previous period).
- Thorsten Alteholz did 14.0h (out of 14.0h assigned).
- Tobias Frost did 16.0h (out of 15.0h assigned and 1.0h from previous period).
- Utkarsh Gupta did 5.5h (out of 5.0h assigned and 26.0h from previous period), thus carrying over 25.5h to the next month.
Evolution of the situation
In May, we have released 34 DLAs.
Several of the DLAs constituted notable security updates to LTS during the month of May. Of particular note were the linux (4.19) and linux-5.10 packages, both of which addressed a considerable number of CVEs. Additionally, the postgresql-11 package was updated by synchronizing it with the 11.20 release from upstream.
Notable non-security updates were made to the distro-info-data database and the timezone database. The distro-info-data package was updated with the final expected release date of Debian 12, made aware of Debian 14 and Ubuntu 23.10, and was updated with the latest EOL dates for Ubuntu releases. The tzdata and libdatetime-timezone-perl packages were updated with the 2023c timezone database. The changes in these packages ensure that in addition to the latest security updates LTS users also have the latest information concerning Debian and Ubuntu support windows, as well as the latest timezone data for accurate worldwide timekeeping.
LTS contributor Anton implemented an improvement to the Debian Security Tracker “Unfixed vulnerabilities in unstable without a filed bug” view, allowing for more effective management of CVEs which do not yet have a corresponding bug entry in the Debian BTS.
LTS contributor Sylvain concluded an audit of obsolete packages still supported in LTS to ensure that new CVEs are properly associated. In this case, a package being obsolete means that it is no longer associated with a Debian release for which the Debian Security Team has direct responsibility. When this occurs, it is the responsibility of the LTS team to ensure that incoming CVEs are properly associated to packages which exist only in LTS.
Finally, LTS contributors also contributed several updates to packages in unstable/testing/stable to fix CVEs. This helps package maintainers, addresses CVEs in current and future Debian releases, and ensures that the CVEs do not remain open for an extended period of time only for the LTS team to be required to deal with them much later in the future.
Thanks to our sponsors
Sponsors that joined recently are in bold.
- Platinum sponsors:
- Gold sponsors:
- Silver sponsors:
- Domeneshop AS (for 108 months)
- Nantes Métropole (for 102 months)
- Univention GmbH (for 94 months)
- Université Jean Monnet de St Etienne (for 94 months)
- Ribbon Communications, Inc. (for 88 months)
- Exonet B.V. (for 78 months)
- Leibniz Rechenzentrum (for 72 months)
- CINECA (for 61 months)
- Ministère de l’Europe et des Affaires Étrangères (for 55 months)
- Cloudways Ltd (for 45 months)
- Dinahosting SL (for 43 months)
- Bauer Xcel Media Deutschland KG (for 37 months)
- Platform.sh (for 37 months)
- Moxa Inc. (for 31 months)
- sipgate GmbH (for 28 months)
- OVH US LLC (for 26 months)
- Tilburg University (for 26 months)
- GSI Helmholtzzentrum für Schwerionenforschung GmbH (for 17 months)
- Soliton Systems K.K. (for 15 months)
- Bronze sponsors:
- Evolix (for 109 months)
- Seznam.cz, a.s. (for 109 months)
- Linuxhotel GmbH (for 106 months)
- Intevation GmbH (for 105 months)
- Daevel SARL (for 104 months)
- Bitfolk LTD (for 103 months)
- Megaspace Internet Services GmbH (for 103 months)
- Greenbone AG (for 102 months)
- NUMLOG (for 102 months)
- WinGo AG (for 102 months)
- Ecole Centrale de Nantes - LHEEA (for 98 months)
- Entr’ouvert (for 93 months)
- Adfinis AG (for 90 months)
- GNI MEDIA (for 85 months)
- Laboratoire LEGI - UMR 5519 / CNRS (for 85 months)
- Tesorion (for 85 months)
- Bearstech (for 76 months)
- LiHAS (for 76 months)
- Catalyst IT Ltd (for 71 months)
- Supagro (for 66 months)
- Demarcq SAS (for 65 months)
- Université Grenoble Alpes (for 51 months)
- TouchWeb SAS (for 43 months)
- SPiN AG (for 40 months)
- CoreFiling (for 35 months)
- Institut des sciences cognitives Marc Jeannerod (for 30 months)
- Observatoire des Sciences de l’Univers de Grenoble (for 27 months)
- Tem Innovations GmbH (for 21 months)
- WordFinder.pro (for 21 months)
- CNRS DT INSU Résif (for 20 months)
- Alter Way (for 13 months)
- Institut Camille Jordan