Monthly report about Debian Long Term Support, January 2025

Like each month, have a look at the work funded by Freexian’s Debian LTS offering.

Debian LTS contributors

In January, 20 contributors were paid to work on Debian LTS; their reports are available:

  • Abhijith PA did 8.0h (out of 14.0h assigned), thus carrying over 6.0h to the next month.
  • Adrian Bunk did 36.5h (out of 47.75h assigned and 52.25h from previous period), thus carrying over 63.5h to the next month.
  • Andrej Shadura did 11.0h (out of 11.0h assigned and 4.0h from previous period), thus carrying over 4.0h to the next month.
  • Arturo Borrero Gonzalez did 9.0h (out of 10.0h assigned), thus carrying over 1.0h to the next month.
  • Bastien Roucariès did 22.0h (out of 22.0h assigned).
  • Ben Hutchings did 8.0h (out of 21.0h assigned and 3.0h from previous period), thus carrying over 16.0h to the next month.
  • Chris Lamb did 18.0h (out of 18.0h assigned).
  • Daniel Leidert did 20.0h (out of 23.0h assigned and 3.0h from previous period), thus carrying over 6.0h to the next month.
  • Emilio Pozuelo Monfort did 34.0h (out of 7.0h assigned and 27.75h from previous period), thus carrying over 0.75h to the next month.
  • Guilhem Moulin did 3.25h (out of 20.0h assigned), thus carrying over 16.75h to the next month.
  • Jochen Sprickerhof did 23.0h (out of 15.0h assigned and 8.0h from previous period).
  • Lee Garrett did 15.75h (out of 8.5h assigned and 51.5h from previous period), thus carrying over 44.25h to the next month.
  • Lucas Kanashiro did 8.0h (out of 32.0h assigned and 32.0h from previous period), thus carrying over 56.0h to the next month.
  • Markus Koschany did 40.0h (out of 40.0h assigned).
  • Roberto C. Sánchez did 14.75h (out of 13.5h assigned and 10.5h from previous period), thus carrying over 9.25h to the next month.
  • Santiago Ruano Rincón did 21.75h (out of 18.75h assigned and 6.25h from previous period), thus carrying over 3.25h to the next month.
  • Sean Whitton did 8.5h (out of 8.5h assigned).
  • Sylvain Beucler did 10.5h (out of 0.0h assigned and 49.5h from previous period), thus carrying over 39.0h to the next month.
  • Thorsten Alteholz did 11.0h (out of 11.0h assigned).
  • Tobias Frost did 12.0h (out of 12.0h assigned).

Evolution of the situation

In January, we released 33 DLAs.

There were numerous security and non-security updates to Debian 11 (codename “bullseye”) during January.

  • Notable security updates:
    • rsync, prepared by Thorsten Alteholz, fixed several CVEs (including information leak and path traversal vulnerabilities)
    • tomcat9, prepared by Markus Koschany, fixed several CVEs (including denial of service and information disclosure vulnerabilities)
    • ruby2.7, prepared by Bastien Roucariès, fixed several CVEs (including denial of service vulnerabilities)
    • tiff, prepared by Adrian Bunk, fixed several CVEs (including NULL pointer, buffer overflow, use-after-free, and segfault vulnerabilities)
  • Notable non-security updates:
    • linux-6.1, prepared by Ben Hutchings, has been packaged for bullseye (this was done specifically to provide a supported upgrade path for systems that currently use kernel packages from the “bullseye-backports” suite)
    • debian-security-support, prepared by Santiago Ruano Rincón, which formalized the EOL of intel-mediasdk and node-matrix-js-sdk

In addition to the security and non-security updates targeting “bullseye”, various LTS contributors have prepared uploads targeting Debian 12 (codename “bookworm”) with fixes for a variety of vulnerabilities. Abhijith PA prepared an upload of puma; Bastien Roucariès prepared an upload of node-postcss with fixes for data processing and denial of service vulnerabilities; Daniel Leidert prepared updates for setuptools, python-asyncssh, and python-tornado; Lee Garrett prepared an upload of ansible-core; and Guilhem Moulin prepared updates for python-urllib3, sqlparse, and opensc. Santiago Ruano Rincón also worked on tracking and filing some issues about packages that need an update in recent releases to avoid regressions on upgrade. This relates to CVEs that were fixed in buster or bullseye, but remain open in bookworm. These updates, along with Santiago’s work on identifying and tracking similar issues, underscore the LTS Team’s commitment to ensuring that the work we do as part of LTS also benefits the current Debian stable release.

LTS contributor Sean Whitton also prepared an upload of jinja2 and Santiago Ruano Rincón prepared an upload of openjpeg2 for Debian unstable (codename “sid”), as part of the LTS Team effort to assist with package uploads to unstable.

Thanks to our sponsors

Sponsors that joined recently are in bold.
