Monthly report about Debian Long Term Support, March 2025

Like each month, have a look at the work funded by Freexian’s Debian LTS offering.

Debian LTS contributors

In March, 20 contributors have been paid to work on Debian LTS, their reports are available:

• Adrian Bunk did 51.5h (out of 0.0h assigned and 51.5h from previous period).
• Andreas Henriksson did 20.0h (out of 20.0h assigned).
• Andrej Shadura did 6.0h (out of 10.0h assigned), thus carrying over 4.0h to the next month.
• Bastien Roucariès did 20.0h (out of 20.0h assigned).
• Ben Hutchings did 12.0h (out of 12.0h assigned and 12.0h from previous period), thus carrying over 12.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Daniel Leidert did 26.0h (out of 23.0h assigned and 3.0h from previous period).
• Emilio Pozuelo Monfort did 37.0h (out of 36.5h assigned and 0.75h from previous period), thus carrying over 0.25h to the next month.
• Guilhem Moulin did 8.25h (out of 11.0h assigned and 9.0h from previous period), thus carrying over 11.75h to the next month.
• Jochen Sprickerhof did 18.0h (out of 24.25h assigned and 3.0h from previous period), thus carrying over 9.25h to the next month.
• Lee Garrett did 10.25h (out of 0.0h assigned and 42.0h from previous period), thus carrying over 31.75h to the next month.
• Lucas Kanashiro did 4.0h (out of 0.0h assigned and 56.0h from previous period), thus carrying over 52.0h to the next month.
• Markus Koschany did 27.25h (out of 27.25h assigned).
• Roberto C. Sánchez did 8.25h (out of 7.0h assigned and 17.0h from previous period), thus carrying over 15.75h to the next month.
• Santiago Ruano Rincón did 17.5h (out of 19.75h assigned and 5.25h from previous period), thus carrying over 7.5h to the next month.
• Sean Whitton did 7.0h (out of 7.0h assigned).
• Sylvain Beucler did 32.0h (out of 31.0h assigned and 1.25h from previous period), thus carrying over 0.25h to the next month.
• Thorsten Alteholz did 11.0h (out of 11.0h assigned).
• Tobias Frost did 7.75h (out of 12.0h assigned), thus carrying over 4.25h to the next month.
• Utkarsh Gupta did 15.0h (out of 15.0h assigned).

Evolution of the situation

In March, we have released 31 DLAs.

• Notable security updates:
  • linux-6.1 (1 2)and linux, prepared by Ben Hutchings, fixed an extensive list of vulnerabilities
  • firefox-esr, prepared by Emilio Pozuelo Monfort, fixed a variety of vulnerabilities
  • intel-microcode, prepared by Tobias Frost, fixed several local privilege escalation, denial of service, and information disclosure vulnerabilities
  • vim, prepared by Sean Whitton, fixed a multitude of vulnerabilities, including many application crashes, buffer overflows, and out-of-bounds reads

The recent trend of contributions from contributors external to the formal LTS team has continued. LTS contributor Sylvain Beucler reviewed and facilitated an update to openvpn proposed by Aquila Macedo, resulting in the publication of DLA 4079-1. Thanks a lot to Aquila for preparing the update.

The LTS Team continues to make contributions to the current stable Debian release, Debian 12 (codename “bookworm”). LTS contributor Bastien Roucariès prepared a stable upload of krb5 to ensure that fixes made in the LTS release, Debian 11 (codename “bullseye”) were also made available to stable users. Additional stable updates, for tomcat10 and jetty9, were prepared by LTS contributor Markus Koschany. And, finally, LTS contributor Utkarsh Gupta prepared stable updates for rails and ruby-rack.

LTS contributor Emilio Pozuelo Monfort has continued his ongoing improvements to the Debian security tracker and its associated tooling, making the data contained in the tracker more reliable and easing interaction with it.

The ckeditor3 package, which has been EOL by upstream for some time, is still depended upon by the PHP Horde packages in Debian. Sylvain, along with Bastien, did monumental work in coordinating with maintainers, security team fellows, and other Debian teams, to formally declare the EOL of the ckeditor3 package in Debian 11 and in Debian 12. Additionally, as a result of this work Sylvain has worked towards the removal of ckeditor3 as a dependency by other packages in order to facilitate the complete removal of ckeditor3 from all future Debian releases.

Thanks to our sponsors

Sponsors that joined recently are in bold.

• Platinum sponsors:
  • Toshiba Corporation (for 114 months)
  • Civil Infrastructure Platform (CIP) (for 82 months)
  • VyOS Inc (for 47 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 125 months)
  • Akamai - Linode (for 119 months)
  • Babiel GmbH (for 108 months)
  • Plat’Home (for 108 months)
  • University of Oxford (for 65 months)
  • Deveryware (for 52 months)
  • EDF SA (for 36 months)
  • Dataport AöR (for 12 months)
  • CERN (for 9 months)
• Silver sponsors:
  • Domeneshop AS (for 129 months)
  • Nantes Métropole (for 123 months)
  • Univention GmbH (for 115 months)
  • Université Jean Monnet de St Etienne (for 115 months)
  • Ribbon Communications, Inc. (for 109 months)
  • Exonet B.V. (for 99 months)
  • Leibniz Rechenzentrum (for 93 months)
  • Ministère de l’Europe et des Affaires Étrangères (for 77 months)
  • Cloudways by DigitalOcean (for 66 months)
  • Dinahosting SL (for 64 months)
  • Bauer Xcel Media Deutschland KG (for 59 months)
  • Platform.sh SAS (for 59 months)
  • Moxa Inc. (for 53 months)
  • sipgate GmbH (for 50 months)
  • OVH US LLC (for 48 months)
  • Tilburg University (for 48 months)
  • GSI Helmholtzzentrum für Schwerionenforschung GmbH (for 40 months)
  • Soliton Systems K.K. (for 37 months)
  • THINline s.r.o. (for 13 months)
  • Copenhagen Airports A/S (for 6 months)
• Bronze sponsors:
  • Evolix (for 130 months)
  • Seznam.cz, a.s. (for 130 months)
  • Linuxhotel GmbH (for 127 months)
  • Intevation GmbH (for 126 months)
  • Daevel SARL (for 125 months)
  • Bitfolk LTD (for 124 months)
  • Megaspace Internet Services GmbH (for 124 months)
  • Greenbone AG (for 123 months)
  • NUMLOG (for 123 months)
  • WinGo AG (for 123 months)
  • Entr’ouvert (for 114 months)
  • Adfinis AG (for 112 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 106 months)
  • Tesorion (for 106 months)
  • Bearstech (for 98 months)
  • LiHAS (for 98 months)
  • Catalyst IT Ltd (for 92 months)
  • Supagro (for 88 months)
  • Demarcq SAS (for 86 months)
  • Université Grenoble Alpes (for 72 months)
  • TouchWeb SAS (for 65 months)
  • SPiN AG (for 61 months)
  • CoreFiling (for 57 months)
  • Institut des sciences cognitives Marc Jeannerod (for 52 months)
  • Observatoire des Sciences de l’Univers de Grenoble (for 49 months)
  • Tem Innovations GmbH (for 44 months)
  • WordFinder.pro (for 43 months)
  • CNRS DT INSU Résif (for 42 months)
  • Alter Way (for 35 months)
  • Institut Camille Jordan (for 25 months)
  • SOBIS Software GmbH (for 9 months)
  • Tuxera Inc.

by Roberto C. Sánchez 28 Apr, 2025 . Tags : debian-lts, planet-debian, report , 1033 Words.