In August I was assigned 13.25 hours of work by Freexian's Debian LTS initiative and carried over 6 hours from earlier months. I worked 1.25 hours and will carry over the remainder. I attended an LTS team meeting, and wrote my report for July 2021, but did not work on any updates.

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In July, we put aside 2400 EUR to fund Debian projects. We haven t received proposals of projects to fund in the last months, so we have scheduled a discussion during Debconf to try to to figure out why that is and how we can fix that. Join us on August 26th at 16:00 UTC on this link. We are pleased to announce that Jeremiah Foster will help out to make this initiative a success : he can help Debian members to come up with solid proposals, he can look for people willing to do the work once the project has been formalized and approved, and he will make sure that the project implementation keeps on track when the actual work has begun. We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In July, 12 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 5.0h (out of 7h assigned and 3h remaining), thus carrying over 5h to August.
• Anton Gladky did 12h (out of 12h assigned).
• Ben Hutchings did 12.75h (out of 16h assigned and 2.75h from June), thus carrying over 6h to August.
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did not report back about their work so we assume they did nothing (out of 39.75h assigned plus 11h from June), thus is carrying over 50.75h for August.
• Holger Levsen s work was coordinating/managing the LTS team, he did 3.5h (out of 12h assigned) and gave back 8.5h to the pool.
• Markus Koschany did 30h (out of 30h assigned and 30h from June), thus carrying over 30h to August.
• Ola Lundqvist did nothing (out of 12h assigned plus 20h from June), thus is carrying over 32h for August.
• Roberto C. S nchez did 13.5h (out of 32h assigned and 20h from June), and gave back 38.5h to the pool.
• Sylvain Beucler did 30h (out of 30h assigned).
• Thorsten Alteholz did 30h (out of 30h assigned).
• Utkarsh Gupta did 39.75h (out of 39.75h assigned).

Evolution of the situation In July we released 30 DLAs. Also we were glad to welcome Neil Williams and Lee Garrett who became active contributors. The security tracker currently lists 63 packages with a known CVE and the dla-needed.txt file has 17 packages needing an update. We would like to thank Holger Levsen for the years of work where he managed/coordinated the paid LTS contributors. Jeremiah Foster will take over his duties. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 71 months)
  • GitHub (for 62 months)
  • Civil Infrastructure Platform (CIP) (for 39 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 82 months)
  • Linode (for 76 months)
  • Babiel GmbH (for 65 months)
  • Plat Home (for 65 months)
  • University of Oxford (for 21 months)
  • Deveryware (for 8 months)
  • VyOS
• Silver sponsors:
  • The Positive Internet Company (for 87 months)
  • Domeneshop AS (for 86 months)
  • Nantes M tropole (for 80 months)
  • Univention GmbH (for 72 months)
  • Universit Jean Monnet de St Etienne (for 72 months)
  • Ribbon Communications, Inc. (for 66 months)
  • Exonet B.V. (for 56 months)
  • Leibniz Rechenzentrum (for 50 months)
  • CINECA (for 39 months)
  • Minist re de l Europe et des Affaires trang res (for 33 months)
  • Cloudways Ltd (for 23 months)
  • Dinahosting SL (for 21 months)
  • Bauer Xcel Media Deutschland KG (for 15 months)
  • Platform.sh (for 15 months)
  • Moxa Intelligence Co., Ltd. (for 9 months)
  • sipgate GmbH (for 6 months)
  • OVH US LLC (for 4 months)
  • Tilburg University (for 4 months)
• Bronze sponsors:
  • Evolix (for 87 months)
  • Seznam.cz, a.s. (for 87 months)
  • Intevation GmbH (for 84 months)
  • Linuxhotel GmbH (for 84 months)
  • Daevel SARL (for 82 months)
  • Bitfolk LTD (for 81 months)
  • Megaspace Internet Services GmbH (for 81 months)
  • Greenbone Networks GmbH (for 80 months)
  • NUMLOG (for 80 months)
  • WinGo AG (for 80 months)
  • Ecole Centrale de Nantes LHEEA (for 76 months)
  • Entr ouvert (for 71 months)
  • Adfinis AG (for 68 months)
  • GNI MEDIA (for 63 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 63 months)
  • Tesorion (for 63 months)
  • Bearstech (for 54 months)
  • LiHAS (for 54 months)
  • People Doc (for 51 months)
  • Catalyst IT Ltd (for 49 months)
  • Demarcq SAS (for 43 months)
  • Universit Grenoble Alpes (for 29 months)
  • TouchWeb SAS (for 21 months)
  • SPiN AG (for 18 months)
  • CoreFiling (for 13 months)
  • Institut des sciences cognitives Marc Jeannerod (for 8 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 5 months)

In July I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 2.75 hours from earlier months. I worked 12.75 hours and will carry over the remainder. I applied some urgent (and some not-so-urgent) security fixes to the linux (Linux 4.9), uploaded it, and issued DLA-2713-2. I also updated the linux-4.19 package based on the stable security update, and issued DLA-2714-1.

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In June, we put aside 5775 EUR to fund Debian projects for which we re looking forward to receive more projects from various
Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In June, 12 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 18.0h (out of 14h assigned and 19h from May), thus carrying over 15h to July.
• Anton Gladky did 12h (out of 12h assigned).
• Ben Hutchings did 13.25h (out of 14h assigned and 2h from May), thus carrying over 2.75h to July.
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 29h (out of 40h assigned), thus carrying over 11h to July.
• Holger Levsen s work was coordinating/managing the LTS team, he did 3.5h (out of 12h assigned) and gave back 8.5h to the pool.
• Markus Koschany did 29.75h (out of 30h assigned plus 29.75h from May), thus carrying over 30h for July.
• Ola Lundqvist did 10h (out of 12h assigned and 4.5h from May), thus carrying over 6.5h to July.
• Roberto C. S nchez did 12h (out of 32h assigned), thus carrying over 20h to July.
• Sylvain Beucler did 30h (out of 30h assigned).
• Thorsten Alteholz did 30h (out of 30h assigned).
• Utkarsh Gupta did not report back about their work so we assume they did nothing (out of 40h assigned), thus is carrying over 40h for July.

Evolution of the situation In June we released 30 DLAs. As already written last month we are looking for a Debian LTS project manager and team coordinator.
Finally, we would like to remark once again that we are constantly looking for new contributors. Please contact Holger if you are interested! The security tracker currently lists 41 packages with a known CVE and the dla-needed.txt file has 23 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 70 months)
  • GitHub (for 60 months)
  • Civil Infrastructure Platform (CIP) (for 38 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 81 months)
  • Linode (for 75 months)
  • Babiel GmbH (for 64 months)
  • Plat Home (for 63 months)
  • University of Oxford (for 20 months)
  • Deveryware (for 7 months)
  • VyOS
• Silver sponsors:
  • The Positive Internet Company (for 86 months)
  • Domeneshop AS (for 85 months)
  • Nantes M tropole (for 79 months)
  • Univention GmbH (for 71 months)
  • Universit Jean Monnet de St Etienne (for 71 months)
  • Ribbon Communications, Inc. (for 65 months)
  • Exonet B.V. (for 54 months)
  • Leibniz Rechenzentrum (for 48 months)
  • CINECA (for 38 months)
  • Minist re de l Europe et des Affaires trang res (for 32 months)
  • Cloudways Ltd (for 21 months)
  • Dinahosting SL (for 19 months)
  • Platform.sh (for 14 months)
  • Bauer Xcel Media Deutschland KG (for 13 months)
  • Moxa Intelligence Co., Ltd. (for 7 months)
  • sipgate GmbH (for 5 months)
  • OVH US LLC (for 3 months)
  • Tilburg University (for 3 months)
• Bronze sponsors:
  • Seznam.cz, a.s. (for 86 months)
  • Evolix (for 85 months)
  • Linuxhotel GmbH (for 83 months)
  • Intevation GmbH (for 82 months)
  • Daevel SARL (for 81 months)
  • Bitfolk LTD (for 80 months)
  • Megaspace Internet Services GmbH (for 80 months)
  • Greenbone Networks GmbH (for 79 months)
  • NUMLOG (for 79 months)
  • WinGo AG (for 78 months)
  • Ecole Centrale de Nantes LHEEA (for 75 months)
  • Entr ouvert (for 70 months)
  • Adfinis AG (for 67 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 62 months)
  • Tesorion (for 62 months)
  • GNI MEDIA (for 61 months)
  • Bearstech (for 53 months)
  • LiHAS (for 53 months)
  • People Doc (for 49 months)
  • Catalyst IT Ltd (for 47 months)
  • Demarcq SAS (for 41 months)
  • Universit Grenoble Alpes (for 28 months)
  • TouchWeb SAS (for 20 months)
  • SPiN AG (for 16 months)
  • CoreFiling (for 12 months)
  • Institut des sciences cognitives Marc Jeannerod (for 7 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 3 months)

In June I was assigned 14 hours of work by Freexian's Debian LTS initiative and carried over 2 hours from earlier months. I worked 13.25 hours and will carry over the remainder. I finished bringing the linux (Linux 4.9) package up to date, uploaded it, and issued DLA-2689-1. I also updated the linux-4.19 package based on the version in stable point release 10.10, and issued DLA-2690-1. Finally, I backported my recent security fixes for klibc, uploaded it and issued DLA-2695-1.

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In May, we again put aside 2100 EUR to fund Debian projects. There was no proposals for new projects received, thus we re looking forward to receive more projects from various Debian teams! Please do not hesitate to submit a proposal, if there is a project that could benefit from the funding! We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In May, 12 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 7.0h (out of 14h assigned and 12h from April), thus carrying over 19h to June.
• Anton Gladky did 12h (out of 12h assigned).
• Ben Hutchings did 16h (out of 13.5h assigned plus 4.5h from April), thus is carrying over 2h for June.
• Chris Lamb did 18h (out of 18h assigned).
• Holger Levsen s work was coordinating/managing the LTS team, he did 5.5h and gave back 6.5h to the pool.
• Markus Koschany did 15h (out of 29.75h assigned and 15h from April), thus carrying over 29.75h to June.
• Ola Lundqvist did 12h (out of 12h assigned and 4.5h from April), thus carrying over 4.5h to June.
• Roberto C. S nchez did 7.5h (out of 27.5h assigned and 27h from April), and gave back 47h to the pool.
• Sylvain Beucler did 29.75h (out of 29.75h assigned).
• Thorsten Alteholz did 29.75h (out of 29.75h assigned).
• Utkarsh Gupta did 29.75h (out of 29.75h assigned).

Evolution of the situation In May we released 33 DLAs and mostly skipped our public IRC meeting and the end of the month. In June we ll have another team meeting using video as lined out on our LTS meeting page.
Also, two months ago we announced that Holger would step back from his coordinator role and today we are announcing that he is back for the time being, until a new coordinator is found.
Finally, we would like to remark once again that we are constantly looking for new contributors. Please contact Holger if you are interested! The security tracker currently lists 41 packages with a known CVE and the dla-needed.txt file has 21 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 69 months)
  • GitHub (for 59 months)
  • Civil Infrastructure Platform (CIP) (for 37 months)
• Gold sponsors:
  • Blablacar (for 84 months)
  • Roche Diagnostics International AG (for 80 months)
  • Linode (for 74 months)
  • Babiel GmbH (for 63 months)
  • Plat Home (for 62 months)
  • University of Oxford (for 19 months)
  • Deveryware (for 6 months)
  • VyOS
• Silver sponsors:
  • The Positive Internet Company (for 85 months)
  • Domeneshop AS (for 84 months)
  • Nantes M tropole (for 78 months)
  • Univention GmbH (for 70 months)
  • Universit Jean Monnet de St Etienne (for 70 months)
  • Ribbon Communications, Inc. (for 64 months)
  • Exonet B.V. (for 53 months)
  • Leibniz Rechenzentrum (for 47 months)
  • CINECA (for 37 months)
  • Minist re de l Europe et des Affaires trang res (for 31 months)
  • Cloudways Ltd (for 20 months)
  • Dinahosting SL (for 18 months)
  • Platform.sh (for 13 months)
  • Bauer Xcel Media Deutschland KG (for 12 months)
  • Moxa Intelligence Co., Ltd. (for 6 months)
  • sipgate GmbH (for 4 months)
  • OVH US LLC
  • Tilburg University
• Bronze sponsors:
  • Seznam.cz, a.s. (for 85 months)
  • Evolix (for 84 months)
  • Linuxhotel GmbH (for 82 months)
  • Intevation GmbH (for 81 months)
  • Daevel SARL (for 80 months)
  • Bitfolk LTD (for 79 months)
  • Megaspace Internet Services GmbH (for 79 months)
  • Greenbone Networks GmbH (for 78 months)
  • NUMLOG (for 78 months)
  • WinGo AG (for 77 months)
  • Ecole Centrale de Nantes LHEEA (for 73 months)
  • Entr ouvert (for 69 months)
  • Adfinis AG (for 66 months)
  • Tesorion (for 61 months)
  • GNI MEDIA (for 60 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 60 months)
  • Bearstech (for 52 months)
  • LiHAS (for 52 months)
  • People Doc (for 48 months)
  • Catalyst IT Ltd (for 46 months)
  • Demarcq SAS (for 40 months)
  • Universit Grenoble Alpes (for 26 months)
  • TouchWeb SAS (for 18 months)
  • SPiN AG (for 15 months)
  • CoreFiling (for 11 months)
  • Institut des sciences cognitives Marc Jeannerod (for 6 months)
  • Observatoire des Sciences de l Univers de Grenoble

In May I was assigned 13.5 hours of work by Freexian's Debian LTS initiative and carried over 4.5 hours from earlier months. I worked 16 hours and will carry over the remainder. I finished reviewing the futex code in the PREEMPT_RT patchset for Linux 4.9, and identified several places where it had been mis-merged with the recent futex security fixes. I sent a patch for these upstream, which was accepted and applied in v4.9.268-rt180. I have continued updating the Linux 4.9 package to later upstream stable versions, and backported some missing security fixes. I have still not made a new upload, but intend to do so this week.

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In April, we put aside 5775 EUR to fund Debian projects. There was no proposals for new projects received, thus we re looking forward to receive more projects from various Debian teams! Please do not hesitate to submit a proposal, if there is a project that could benefit from the funding! Debian LTS contributors In April, 11 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 14.0h (out of 14h assigned and 12h from March), thus carrying over 12h to May.
• Anton Gladky did 12h (out of 12h assigned).
• Ben Hutchings did 14h (out of 16h assigned and 2.5h from March), thus carrying over 4.5h to May.
• Chris Lamb did 18h (out of 18h assigned).
• Holger Levsen s work was coordinating/managing the LTS team, he did 10h (out of 12h assigned), and gave 2h back to the pool.
• Markus Koschany did 15.0h (out of 30h assigned), thus carrying over 15h to May.
• Ola Lundqvist did 7.5h (out of 12h assigned), thus carrying over 4.5h to May.
• Roberto C. S nchez did 9.5h (out of 32h assigned and 4.5h from March), thus carrying over 27h to May.
• Sylvain Beucler did 30h (out of 30h assigned).
• Thorsten Alteholz did 30h (out of 30h assigned).
• Utkarsh Gupta did 60h (out of 60h assigned).

Evolution of the situation In April we released 33 DLAs and held a LTS team meeting using video conferencing. The security tracker currently lists 53 packages with a known CVE and the dla-needed.txt file has 26 packages needing an update. We are please to welcome VyOS as a new gold sponsor! Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 68 months)
  • GitHub (for 59 months)
  • Civil Infrastructure Platform (CIP) (for 36 months)
• Gold sponsors:
  • Blablacar (for 83 months)
  • Roche Diagnostics International AG (for 79 months)
  • Linode (for 73 months)
  • Babiel GmbH (for 62 months)
  • Plat Home (for 62 months)
  • University of Oxford (for 18 months)
  • Deveryware (for 5 months)
  • VyOS
• Silver sponsors:
  • The Positive Internet Company (for 84 months)
  • Domeneshop AS (for 83 months)
  • Nantes M tropole (for 77 months)
  • Univention GmbH (for 69 months)
  • Universit Jean Monnet de St Etienne (for 69 months)
  • Ribbon Communications, Inc. (for 63 months)
  • Exonet B.V. (for 53 months)
  • Leibniz Rechenzentrum (for 47 months)
  • CINECA (for 36 months)
  • Minist re de l Europe et des Affaires trang res (for 30 months)
  • Cloudways Ltd (for 20 months)
  • Dinahosting SL (for 18 months)
  • Bauer Xcel Media Deutschland KG (for 12 months)
  • Platform.sh (for 12 months)
  • Moxa Intelligence Co., Ltd. (for 6 months)
  • sipgate GmbH (for 3 months)
  • OVH US LLC
  • Tilburg University
• Bronze sponsors:
  • Evolix (for 84 months)
  • Seznam.cz, a.s. (for 84 months)
  • Intevation GmbH (for 81 months)
  • Linuxhotel GmbH (for 81 months)
  • Daevel SARL (for 79 months)
  • Bitfolk LTD (for 78 months)
  • Megaspace Internet Services GmbH (for 78 months)
  • Greenbone Networks GmbH (for 77 months)
  • NUMLOG (for 77 months)
  • WinGo AG (for 77 months)
  • Ecole Centrale de Nantes LHEEA (for 73 months)
  • Entr ouvert (for 68 months)
  • Adfinis AG (for 65 months)
  • GNI MEDIA (for 60 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 60 months)
  • Tesorion (for 60 months)
  • Bearstech (for 51 months)
  • LiHAS (for 51 months)
  • People Doc (for 48 months)
  • Catalyst IT Ltd (for 46 months)
  • Supagro (for 41 months)
  • Demarcq SAS (for 40 months)
  • Universit Grenoble Alpes (for 26 months)
  • TouchWeb SAS (for 18 months)
  • SPiN AG (for 15 months)
  • CoreFiling (for 10 months)
  • Institut des sciences cognitives Marc Jeannerod (for 5 months)
  • Observatoire des Sciences de l Univers de Grenoble

In April I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 2.5 hours from earlier months. I worked 14 hours and will carry over the remainder. I spent a long time trying to verify that the futex issue in was now properly fixed in Linux 4.9, and reviewing the merge of these changes with the real-time (PREEMPT_RT) kernel patchset. Unfortunately this work is not complete and I did not make another upload this month.

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In March, we put aside 3225 EUR to fund Debian projects but sadly nobody picked up anything, so this one of the many reasons Raphael posted as series of blog posts titled Challenging times for Freexian , posted in 4 parts on the last two days of March and the first two of April. [Part one, two, three and four] So we re still looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article! Debian LTS contributors In March, 11 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 9.0h (out of 9h assigned and 12h from February), thus carrying over 12h to April.
• Anton Gladky did 12h (out of 12h assigned).
• Ben Hutchings did 25.75h (out of 16h assigned and 12.25h from February), thus carrying over 2.5h to April.
• Chris Lamb did 18h (out of 18h assigned).
• Holger Levsen did 6h coordinating/managing the LTS team.
• Markus Koschany did 30h (out of 30h assigned).
• Ola Lundqvist did 6.h (out of 10h from February).
• Roberto C. S nchez did 9h (out of 32h assigned and 21.5h from February) and gave 40h back, thus carrying over 4.5h to April.
• Sylvain Beucler did 30h (out of 30h assigned).
• Thorsten Alteholz did 30h (out of 30h assigned).
• Utkarsh Gupta did 60h (out of 60h assigned).

Evolution of the situation In March we released 28 DLAs and held our second LTS team meeting for 2021 on IRC, with the next public IRC meeting coming up at the end of May. At that meeting Holger announced that after 2.5 years he wanted to step back from his role helping Rapha l in coordinating/managing the LTS team. We would like to thank Holger for his continuous work on Debian LTS (which goes back to 2014) and are happy to report that we already found a successor which we will introduce in the upcoming April report from Freexian. Finally, we would like to remark once again that we are constantly looking for new contributors. For a last time, please contact Holger if you are interested! The security tracker currently lists 42 packages with a known CVE and the dla-needed.txt file has 28 packages needing an update. We are also pleased to report that we got 4 new sponsors over the last 2 months : thanks to sipgate GmbH, OVH US LLC, Tilburg University and Observatoire des Sciences de l Univers de Grenoble ! Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 67 months)
  • GitHub (for 58 months)
  • Civil Infrastructure Platform (CIP) (for 35 months)
• Gold sponsors:
  • Blablacar (for 82 months)
  • Roche Diagnostics International AG (for 78 months)
  • Linode (for 72 months)
  • Babiel GmbH (for 61 months)
  • Plat Home (for 61 months)
  • University of Oxford (for 17 months)
  • Deveryware (for 4 months)
• Silver sponsors:
  • The Positive Internet Company (for 83 months)
  • Domeneshop AS (for 82 months)
  • Nantes M tropole (for 77 months)
  • Univention GmbH (for 68 months)
  • Universit Jean Monnet de St Etienne (for 68 months)
  • Ribbon Communications, Inc. (for 62 months)
  • Exonet B.V. (for 52 months)
  • Leibniz Rechenzentrum (for 46 months)
  • CINECA (for 35 months)
  • Minist re de l Europe et des Affaires trang res (for 30 months)
  • Cloudways Ltd (for 19 months)
  • Dinahosting SL (for 17 months)
  • Bauer Xcel Media Deutschland KG (for 11 months)
  • Platform.sh (for 11 months)
  • Moxa Intelligence Co., Ltd. (for 5 months)
  • sipgate GmbH
  • OVH US LLC
  • Tilburg University
• Bronze sponsors:
  • Evolix (for 83 months)
  • Seznam.cz, a.s. (for 83 months)
  • Intevation GmbH (for 80 months)
  • Linuxhotel GmbH (for 80 months)
  • Daevel SARL (for 78 months)
  • Bitfolk LTD (for 77 months)
  • Megaspace Internet Services GmbH (for 77 months)
  • NUMLOG (for 77 months)
  • Greenbone Networks GmbH (for 76 months)
  • WinGo AG (for 76 months)
  • Ecole Centrale de Nantes LHEEA (for 72 months)
  • Entr ouvert (for 67 months)
  • Adfinis AG (for 65 months)
  • GNI MEDIA (for 59 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 59 months)
  • Tesorion (for 59 months)
  • Bearstech (for 50 months)
  • LiHAS (for 50 months)
  • People Doc (for 47 months)
  • Catalyst IT Ltd (for 45 months)
  • Supagro (for 40 months)
  • Demarcq SAS (for 39 months)
  • Universit Grenoble Alpes (for 25 months)
  • TouchWeb SAS (for 17 months)
  • SPiN AG (for 14 months)
  • CoreFiling (for 9 months)
  • Institut des sciences cognitives Marc Jeannerod (for 4 months)
  • Observatoire des Sciences de l Univers de Grenoble

In March I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 12.25 hours from earlier months. I worked 25.75 hours and will carry over the remainder. I eventually settled on an apparently working patch series to fix the futex security issue in Linux 4.9. This went through upstream stable review and was included in 4.9.260. I applied the same fixes to the Debian package, along with some other security and regression fixes. I uploaded it and issued DLA-2586-1. Unfortunately the futex changes for Linux 4.9 still caused a regression (kernel WARNING in some circumstances). I worked to backport and test a further set of fixes that had already been applied to later kernel branches. These were included in upstream stable release 4.9.264 and should go into an updated Debian package soon. Following the Debian 10.9 point release, I also backported the updated Linux 4.19 package. I uploaded it and issued DLA-2610-1.

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In February, we put aside 5475 EUR to fund Debian projects. The first project from this initiative was finished and thus Carles Pina was able to issue the first invoice! We are looking forward to receive more projects from various Debian teams and contributors. Learn more about the rationale behind this initiative in this article. Debian LTS contributors In February, 12 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 19.0h (out of 7h assigned and 12h from January).
• Ben Hutchings did 19h (out of 16h assigned and 15.25h from January), thus carrying over 12.25h to March.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did not report back about their work so for now we assume they did nothing (out of 28h assigned plus 35.5h from January), thus is carrying over 63.5h for March.
• Holger Levsen did 6h coordinating/managing the LTS team.
• Markus Koschany did 23.25h (out of 23.25h assigned).
• Ola Lundqvist did 7h (out of 12h assigned and 10h from January) and gave back 5h, thus carrying over 10h to March.
• Roberto C. S nchez did 10.5h (out of 32h assigned), thus carrying over 21.5h to March.
• Sylvain Beucler did 30h (out of 30h assigned).
• Thorsten Alteholz did 30h (out of 30h assigned).
• Utkarsh Gupta did 60h (out of 60h assigned).

Evolution of the situation In February we released 28 DLAs (including one regression update) and we held an internal team meeting using video chat.
Finally, as every month we would like to remark once again that we are constantly looking for new contributors. Please contact Holger if you are interested! The security tracker currently lists 46 packages with a known CVE and the dla-needed.txt file has 34 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 66 months)
• GitHub (for 56 months)
• Civil Infrastructure Platform (CIP) (for 34 months)
• Gold sponsors:
• Blablacar (for 81 months)
• Roche Diagnostics International AG (for 77 months)
• Linode (for 71 months)
• Babiel GmbH (for 60 months)
• Plat Home (for 59 months)
• University of Oxford (for 16 months)
• Deveryware (for 3 months)
• Silver sponsors:
• The Positive Internet Company (for 82 months)
• Domeneshop AS (for 81 months)
• Nantes M tropole (for 75 months)
• Univention GmbH (for 67 months)
• Universit Jean Monnet de St Etienne (for 67 months)
• Ribbon Communications, Inc. (for 61 months)
• Exonet B.V. (for 51 months)
• Leibniz Rechenzentrum (for 45 months)
• CINECA (for 34 months)
• Minist re de l Europe et des Affaires trang res (for 28 months)
• Cloudways Ltd (for 17 months)
• Dinahosting SL (for 15 months)
• Platform.sh (for 10 months)
• Bauer Xcel Media Deutschland KG (for 9 months)
• Moxa Intelligence Co., Ltd. (for 4 months)
• sipgate GmbH
• Bronze sponsors:
• Evolix (for 82 months)
• Seznam.cz, a.s. (for 82 months)
• Linuxhotel GmbH (for 79 months)
• Intevation GmbH (for 78 months)
• Daevel SARL (for 77 months)
• Bitfolk LTD (for 76 months)
• Megaspace Internet Services GmbH (for 76 months)
• Greenbone Networks GmbH (for 75 months)
• NUMLOG (for 75 months)
• WinGo AG (for 74 months)
• Ecole Centrale de Nantes LHEEA (for 71 months)
• Entr ouvert (for 66 months)
• Adfinis AG (for 63 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 58 months)
• Tesorion (for 58 months)
• GNI MEDIA (for 57 months)
• Bearstech (for 49 months)
• LiHAS (for 49 months)
• People Doc (for 45 months)
• Catalyst IT Ltd (for 44 months)
• Supagro (for 39 months)
• Demarcq SAS (for 38 months)
• Universit Grenoble Alpes (for 24 months)
• TouchWeb SAS (for 16 months)
• SPiN AG (for 12 months)
• CoreFiling (for 8 months)
• Institut des sciences cognitives Marc Jeannerod (for 3 months)

In January was assigned 7 hours of work by Freexian's Debian LTS initiative and carried over 8.5 hours from earlier months. However, I only used 0.25 hours of these to write December's report. In Feburary I was assigned another 16 hours to work, and have worked 19 hours. I will carry over the remaining hours to March. I uploaded a Linux 4.19 package update based on the recent security update for Debian 10 "buster", and issued DLA-2557-1 for this. I spent most of my time working on an update for Linux 4.9. However, some of the recent security fixes are not yet in a fully working state, so I have not been able to upload an update yet.

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In January, we put aside 2175 EUR to fund Debian projects. As part of this Carles Pina i Estany started to work on better no-dsa support for the PTS which recently resulted in two merge requests which will hopefully be deployed soon. We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In January, 13 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 9.0h (out of 14h assigned and 7h from December), thus carrying over 12h to February.
• Adrian Bunk did 14h (out of 26h assigned), thus carrying over 12h to February, which he then gave back.
• Ben Hutchings did 0.25h (out of 7h assigned and 8.5h from December), thus carrying over 15.25h to February.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did not report back about their work so we assume they did nothing (out of 26h assigned plus 9.5h from December), thus is carrying over 35.5h for February.
• Holger Levsen did 6.5h coordinating/managing the LTS team..
• Markus Koschany did 36.75h (out of 26h assigned and 10.75h from December).
• Ola Lundqvist did 2.5h (out of 10.5h assigned and 11.5h from December) and gave back 9.5 hours, thus carrying over 10h to February.
• Roberto C. S nchez did 6h (out of 26h assigned), thus carrying over 20h to February, which he then gave back.
• Sylvain Beucler did 26h (out of 26h assigned).
• Thorsten Alteholz did 26h (out of 26h assigned).
• Utkarsh Gupta did 26h (out of 26h assigned).

Evolution of the situation In January we released 28 DLAs and held our first LTS team meeting for 2021 on IRC, with the next public IRC meeting coming up at the end of March. During that meeting Utkarsh shared that after he rolled out the python-certbot update (on December 8th 2020) the maintainer told him: I just checked with Let s Encrypt, and the stats show that you just saved 142,500 people from having their certificates start failing next month. I didn t know LTS was still that used!

Finally, we would like to welcome sipgate GmbH as a new silver sponsor. Also remember that we are constantly looking for new contributors. Please contact Holger if you are interested. The security tracker currently lists 43 packages with a known CVE and the dla-needed.txt file has 23 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 65 months)
• GitHub (for 55 months)
• Civil Infrastructure Platform (CIP) (for 33 months)
• Gold sponsors:
• Blablacar (for 80 months)
• Roche Diagnostics International AG (for 76 months)
• Linode (for 70 months)
• Babiel GmbH (for 59 months)
• Plat Home (for 58 months)
• University of Oxford (for 15 months)
• Deveryware
• Silver sponsors:
• The Positive Internet Company (for 81 months)
• Domeneshop AS (for 80 months)
• Nantes M tropole (for 74 months)
• Univention GmbH (for 66 months)
• Universit Jean Monnet de St Etienne (for 66 months)
• Ribbon Communications, Inc. (for 60 months)
• Exonet B.V. (for 49 months)
• Leibniz Rechenzentrum (for 43 months)
• CINECA (for 33 months)
• Minist re de l Europe et des Affaires trang res (for 27 months)
• Cloudways Ltd (for 16 months)
• Dinahosting SL (for 14 months)
• Platform.sh (for 9 months)
• Bauer Xcel Media Deutschland KG (for 8 months)
• Moxa Intelligence Co., Ltd.
• sipgate GmbH
• Bronze sponsors:
• Seznam.cz, a.s. (for 81 months)
• Evolix (for 80 months)
• Linuxhotel GmbH (for 78 months)
• Intevation GmbH (for 77 months)
• Daevel SARL (for 76 months)
• Bitfolk LTD (for 75 months)
• Megaspace Internet Services GmbH (for 75 months)
• Greenbone Networks GmbH (for 74 months)
• NUMLOG (for 74 months)
• WinGo AG (for 73 months)
• Ecole Centrale de Nantes LHEEA (for 69 months)
• Entr ouvert (for 65 months)
• Adfinis AG (for 62 months)
• Tesorion (for 57 months)
• GNI MEDIA (for 56 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 56 months)
• Bearstech (for 48 months)
• LiHAS (for 48 months)
• People Doc (for 44 months)
• Catalyst IT Ltd (for 42 months)
• Supagro (for 38 months)
• Demarcq SAS (for 36 months)
• Universit Grenoble Alpes (for 22 months)
• TouchWeb SAS (for 14 months)
• SPiN AG (for 11 months)
• CoreFiling (for 7 months)
• Institut des sciences cognitives Marc Jeannerod

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding In December, we put aside 2100 EUR to fund Debian projects. The first project proposal (a tracker.debian.org improvement for the security team) was received and quickly approved by the paid contributors, then we opened a request for bids and the bid winner was announced today (it was easy, we had only one candidate). Hopefully this first project will be completed until our next report. We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In December, 12 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 7.0h (out of 14h assigned), thus carrying over 7h to January.
• Ben Hutchings did 16.5h (out of 16h assigned and 9h from November), thus carrying over 8.5h to January.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned), thus carrying over h to January.
• Emilio Pozuelo Monfort did 16.5h (out of 26h assigned), thus carrying over 9.5h to January.
• Holger Levsen did 3.5h coordinating/managing the LTS team.
• Markus Koschany did 26h (out of 26h assigned and 10.75h from November), thus carrying over 10.75 h to January.
• Ola Lundqvist did 9.5h (out of 12h assigned and 11h from November), thus carrying over 11.5h to January.
• Roberto C. S nchez did 18.5h (out of 26h assigned and 2.25h from November) and gave back the remaining 9.75h.
• Sylvain Beucler did 26h (out of 26h assigned).
• Thorsten Alteholz did 26h (out of 26h assigned).
• Utkarsh Gupta did 26h (out of 26h assigned).

Evolution of the situation December was a quiet month as we didn t have a team meeting nor any other unusual activity and we released 43 DLAs. The security tracker currently lists 30 packages with a known CVE and the dla-needed.txt file has 25 packages needing an update. This month we are pleased to welcome Deveryware as new sponsor! Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 64 months)
• GitHub (for 54 months)
• Civil Infrastructure Platform (CIP) (for 32 months)
• Gold sponsors:
• Blablacar (for 79 months)
• Roche Diagnostics International AG (for 75 months)
• Linode (for 69 months)
• Babiel GmbH (for 58 months)
• Plat Home (for 57 months)
• University of Oxford (for 14 months)
• Deveryware
• Silver sponsors:
• The Positive Internet Company (for 80 months)
• Domeneshop AS (for 79 months)
• Nantes M tropole (for 73 months)
• Univention GmbH (for 65 months)
• Universit Jean Monnet de St Etienne (for 65 months)
• Ribbon Communications, Inc. (for 59 months)
• Exonet B.V. (for 48 months)
• Leibniz Rechenzentrum (for 42 months)
• CINECA (for 32 months)
• Minist re de l Europe et des Affaires trang res (for 26 months)
• Cloudways Ltd (for 15 months)
• Dinahosting SL (for 13 months)
• Platform.sh (for 8 months)
• Bauer Xcel Media Deutschland KG (for 7 months)
• Moxa Intelligence Co., Ltd.
• Bronze sponsors:
• Seznam.cz, a.s. (for 80 months)
• Evolix (for 79 months)
• Linuxhotel GmbH (for 77 months)
• Intevation GmbH (for 76 months)
• Daevel SARL (for 75 months)
• Bitfolk LTD (for 74 months)
• Megaspace Internet Services GmbH (for 74 months)
• Greenbone Networks GmbH (for 73 months)
• NUMLOG (for 73 months)
• WinGo AG (for 72 months)
• Ecole Centrale de Nantes LHEEA (for 69 months)
• Entr ouvert (for 64 months)
• Adfinis AG (for 61 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 56 months)
• Tesorion (for 56 months)
• GNI MEDIA (for 55 months)
• Bearstech (for 47 months)
• LiHAS (for 47 months)
• People Doc (for 43 months)
• Catalyst IT Ltd (for 41 months)
• Supagro (for 37 months)
• Demarcq SAS (for 35 months)
• Universit Grenoble Alpes (for 22 months)
• TouchWeb SAS (for 14 months)
• SPiN AG (for 10 months)
• CoreFiling (for 6 months)
• Institut des sciences cognitives Marc Jeannerod

I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 9 hours from earlier months. I worked 16.5 hours this month, so I will carry over 8.5 hours to January. (Updated: corrected number of hours worked.) I updated linux-4.19 to include the changes in the Debian 10.7 point release, uploaded the package, and issued DLA-2483-1 for this. I picked some regression fixes from the Linux 4.9 stable branch to the linux package, and uploaded the package. This unfortunately failed to build on arm64 due to some upstream changes uncovering an old bug, so I made a second upload fixing that. I issued DLA-2494-1 for this. I updated the linux packaging branch for stretch to Linux 4.9.249, but haven't made another package upload yet.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In November, 239.25 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Abhijith PA did 12.0h (out of 12h assigned).
• Adrian Bunk did 13h (out of 22.75h assigned and 19.5h from October) and gave back 6.5h, thus carrying over 22.75h to December.
• Ben Hutchings did 11.5h (out of 16h assigned and 4.5h from October), thus carrying over 9h to December.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 22.75h (out of 22.75h assigned).
• Holger Levsen did 8.0h coordinating/managing the LTS team.
• Markus Koschany did 12h (out of 22.75h assigned), thus carrying over 10.75h to December.
• Ola Lundqvist did 1h (out of 12h assigned), thus carrying over 11h to December.
• Roberto C. S nchez did 20.5h (out of 22.75h assigned), thus carrying over 2.25h to December.
• Sylvain Beucler did 22.75h (out of 22.75h assigned).
• Thorsten Alteholz did 22.75h (out of 22.75h assigned).
• Utkarsh Gupta did 22.75h (out of 22.75h assigned).

Evolution of the situation In November we held the last LTS team meeting for 2020 on IRC, with the next one coming up at the end of January.
We announced a new formalized initiative for Funding Debian projects with money from Freexian s LTS service.
Finally, we would like to remark once again that we are constantly looking for new contributors. Please contact Holger if you are interested! We re also glad to welcome two new sponsors, Moxa, a device manufacturer, and a French research lab (Institut des Sciences Cognitives Marc Jeannerod). The security tracker currently lists 37 packages with a known CVE and the dla-needed.txt file has 40 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 63 months)
• GitHub (for 53 months)
• Civil Infrastructure Platform (CIP) (for 31 months)
• Gold sponsors:
• Blablacar (for 78 months)
• Roche Diagnostics International AG (for 74 months)
• Linode (for 68 months)
• Babiel GmbH (for 57 months)
• Plat Home (for 56 months)
• University of Oxford (for 13 months)
• Silver sponsors:
• The Positive Internet Company (for 79 months)
• Domeneshop AS (for 78 months)
• Nantes M tropole (for 72 months)
• Univention GmbH (for 64 months)
• Universit Jean Monnet de St Etienne (for 64 months)
• Ribbon Communications, Inc. (for 58 months)
• Exonet B.V. (for 47 months)
• Leibniz Rechenzentrum (for 41 months)
• CINECA (for 31 months)
• Minist re de l Europe et des Affaires trang res (for 25 months)
• Cloudways Ltd (for 14 months)
• Dinahosting SL (for 12 months)
• Platform.sh (for 7 months)
• Bauer Xcel Media Deutschland KG (for 6 months)
• Moxa Intelligence Co., Ltd.
• Bronze sponsors:
• Seznam.cz, a.s. (for 79 months)
• Evolix (for 78 months)
• Linuxhotel GmbH (for 76 months)
• Intevation GmbH (for 75 months)
• Daevel SARL (for 74 months)
• Bitfolk LTD (for 73 months)
• Megaspace Internet Services GmbH (for 73 months)
• Greenbone Networks GmbH (for 72 months)
• NUMLOG (for 72 months)
• WinGo AG (for 71 months)
• Ecole Centrale de Nantes LHEEA (for 68 months)
• Entr ouvert (for 63 months)
• Adfinis AG (for 60 months)
• Tesorion (for 55 months)
• GNI MEDIA (for 54 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 54 months)
• Bearstech (for 46 months)
• LiHAS (for 46 months)
• People Doc (for 42 months)
• Catalyst IT Ltd (for 40 months)
• Supagro (for 36 months)
• Demarcq SAS (for 34 months)
• Universit Grenoble Alpes (for 21 months)
• TouchWeb SAS (for 12 months)
• SPiN AG (for 9 months)
• CoreFiling (for 5 months)
• Institut des sciences cognitives Marc Jeannerod

One comment Liked this article? Click here. My blog is Flattr-enabled.

I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 4.5 hours from earlier months. I worked 11.5 hours this month, so I will carry over 9 hours to December. I continued working on backporting fixes for some less urgent security issues in Linux 4.9. I had to give up on some filesystem fixes as they caused regressions. The others have now been applied to the 4.9 stable branch at kernel.org. I updated the linux packaging branch for stretch to Linux 4.9.246, but haven't made a new package upload yet.

Like each month, here comes a report about the work of paid contributors to Debian LTS. Individual reports In October, 221.50 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Abhijith PA did 16.0h (out of 14h assigned and 2h from September).
• Adrian Bunk did 7h (out of 20.75h assigned and 5.75h from September), thus carrying over 19.5h to November.
• Ben Hutchings did 11.5h (out of 6.25h assigned and 9.75h from September), thus carrying over 4.5h to November.
• Brian May did 10h (out of 10h assigned).
• Chris Lamb did 18h (out of 18h assigned).
• Emilio Pozuelo Monfort did 20.75h (out of 20.75h assigned).
• Holger Levsen did 7.0h coordinating/managing the LTS team.
• Markus Koschany did 20.75h (out of 20.75h assigned).
• Mike Gabriel gave back the 8h he was assigned. See below
• Ola Lundqvist did 10.5h (out of 8h assigned and 2.5h from September).
• Roberto C. S nchez did 13.5h (out of 20.75h assigned) and gave back 7.25h to the pool.
• Sylvain Beucler did 20.75h (out of 20.75h assigned).
• Thorsten Alteholz did 20.75h (out of 20.75h assigned).
• Utkarsh Gupta did 20.75h (out of 20.75h assigned).

Evolution of the situation October was a regular LTS month with a LTS team meeting done via video chat thus there s no log to be shared. After more than five years of contributing to LTS (and ELTS), Mike Gabriel announced that he founded a new company called Frei(e) Software GmbH and thus would leave us to concentrate on this new endeavor. Best of luck with that, Mike! So, once again, this is a good moment to remind that we are constantly looking for new contributors. Please contact Holger if you are interested! The security tracker currently lists 42 packages with a known CVE and the dla-needed.txt file has 39 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
• TOSHIBA (for 62 months)
• GitHub (for 52 months)
• Civil Infrastructure Platform (CIP) (for 30 months)
• Gold sponsors:
• Blablacar (for 77 months)
• Roche Diagnostics International AG (for 73 months)
• Linode (for 67 months)
• Babiel GmbH (for 56 months)
• Plat Home (for 55 months)
• University of Oxford (for 12 months)
• Silver sponsors:
• The Positive Internet Company (for 78 months)
• Domeneshop AS (for 77 months)
• Nantes M tropole (for 71 months)
• Univention GmbH (for 63 months)
• Universit Jean Monnet de St Etienne (for 63 months)
• Ribbon Communications, Inc. (for 57 months)
• Exonet B.V. (for 46 months)
• Leibniz Rechenzentrum (for 40 months)
• CINECA (for 30 months)
• Minist re de l Europe et des Affaires trang res (for 24 months)
• Cloudways Ltd (for 13 months)
• Dinahosting SL (for 11 months)
• Platform.sh (for 6 months)
• Bauer Xcel Media Deutschland KG (for 5 months)
• Bronze sponsors:
• Seznam.cz, a.s. (for 78 months)
• Evolix (for 77 months)
• Linuxhotel GmbH (for 75 months)
• Intevation GmbH (for 74 months)
• Daevel SARL (for 73 months)
• Bitfolk LTD (for 72 months)
• Megaspace Internet Services GmbH (for 72 months)
• Greenbone Networks GmbH (for 71 months)
• NUMLOG (for 71 months)
• WinGo AG (for 70 months)
• Ecole Centrale de Nantes LHEEA (for 66 months)
• Entr ouvert (for 62 months)
• Adfinis AG (for 59 months)
• Tesorion (for 54 months)
• GNI MEDIA (for 53 months)
• Laboratoire LEGI UMR 5519 / CNRS (for 53 months)
• Bearstech (for 45 months)
• LiHAS (for 45 months)
• People Doc (for 41 months)
• Catalyst IT Ltd (for 39 months)
• Supagro (for 35 months)
• Demarcq SAS (for 33 months)
• Universit Grenoble Alpes (for 19 months)
• TouchWeb SAS (for 11 months)
• SPiN AG (for 8 months)
• CoreFiling (for 4 months)

No comment Liked this article? Click here. My blog is Flattr-enabled.

I was assigned 6.25 hours of work by Freexian's Debian LTS initiative and carried over 17.5 hours from earlier months. I worked 11.5 hours this month and returned 7.75 hours to the pool, so I will carry over 4.5 hours to December. I updated linux-4.19 to include the changes in DSA-4772-1, and issued DLA-2417-1 for this. I updated linux (4.9 kernel) to include upstream stable fixes, and issued DLA-2420-1. This resulted in a regression on some Xen PV environments. Ian Jackson identified the upstream fix for this, which had not yet been applied to all the stable branches that needed it. I made a further update with just that fix, and issued DLA-2420-2. I have also been working to backport fixes for some less urgent security issues in Linux 4.9, but have not yet applied those fixes.