Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In February, 18 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 10.0h (out of 14.0h assigned), thus carrying over 4.0h to the next month.
• Adrian Bunk did 13.5h (out of 24.25h assigned and 41.75h from previous period), thus carrying over 52.5h to the next month.
• Bastien Roucari s did 20.0h (out of 20.0h assigned).
• Ben Hutchings did 2.0h (out of 14.5h assigned and 9.5h from previous period), thus carrying over 22.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Daniel Leidert did 10.0h (out of 10.0h assigned).
• Emilio Pozuelo Monfort did 3.0h (out of 28.25h assigned and 31.75h from previous period), thus carrying over 57.0h to the next month.
• Guilhem Moulin did 7.25h (out of 4.75h assigned and 15.25h from previous period), thus carrying over 12.75h to the next month.
• Holger Levsen did 0.5h (out of 3.5h assigned and 8.5h from previous period), thus carrying over 11.5h to the next month.
• Lee Garrett did 0.0h (out of 18.25h assigned and 41.75h from previous period), thus carrying over 60.0h to the next month.
• Markus Koschany did 40.0h (out of 40.0h assigned).
• Roberto C. S nchez did 3.5h (out of 8.75h assigned and 3.25h from previous period), thus carrying over 8.5h to the next month.
• Santiago Ruano Rinc n did 13.5h (out of 13.5h assigned and 2.5h from previous period), thus carrying over 2.5h to the next month.
• Sean Whitton did 4.5h (out of 0.5h assigned and 5.5h from previous period), thus carrying over 1.5h to the next month.
• Sylvain Beucler did 24.5h (out of 27.75h assigned and 32.25h from previous period), thus carrying over 35.5h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 12.0h (out of 12.0h assigned).
• Utkarsh Gupta did 11.25h (out of 26.75h assigned and 33.25h from previous period), thus carrying over 48.75 to the next month.

Evolution of the situation In February, we have released 17 DLAs. The number of DLAs published during February was a bit lower than usual, as there was much work going on in the area of triaging CVEs (a number of which turned out to not affect Debia buster, and others which ended up being duplicates, or otherwise determined to be invalid). Of the packages which did receive updates, notable were sudo (to fix a privilege management issue), and iwd and wpa (both of which suffered from authentication bypass vulnerabilities). While this has already been already announced in the Freexian blog, we would like to mention here the start of the Long Term Support project for Samba 4.17. You can find all the important details in that post, but we would like to highlight that it is thanks to our LTS sponsors that we are able to fund the work from our partner, Catalyst, towards improving the security support of Samba in Debian 12 (Bookworm).

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 102 months)
  • Civil Infrastructure Platform (CIP) (for 70 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 113 months)
  • Linode (for 107 months)
  • Babiel GmbH (for 96 months)
  • Plat Home (for 96 months)
  • CINECA (for 70 months)
  • University of Oxford (for 52 months)
  • Deveryware (for 39 months)
  • VyOS Inc (for 34 months)
  • EDF SA (for 23 months)
• Silver sponsors:
  • Domeneshop AS (for 117 months)
  • Nantes M tropole (for 112 months)
  • Univention GmbH (for 103 months)
  • Universit Jean Monnet de St Etienne (for 103 months)
  • Ribbon Communications, Inc. (for 97 months)
  • Exonet B.V. (for 87 months)
  • Leibniz Rechenzentrum (for 81 months)
  • Minist re de l Europe et des Affaires trang res (for 64 months)
  • Cloudways by DigitalOcean (for 54 months)
  • Dinahosting SL (for 52 months)
  • Bauer Xcel Media Deutschland KG (for 46 months)
  • Platform.sh SAS (for 46 months)
  • Moxa Inc. (for 40 months)
  • sipgate GmbH (for 37 months)
  • OVH US LLC (for 35 months)
  • Tilburg University (for 35 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 27 months)
  • Soliton Systems K.K. (for 24 months)
• Bronze sponsors:
  • Evolix (for 118 months)
  • Seznam.cz, a.s. (for 118 months)
  • Intevation GmbH (for 115 months)
  • Linuxhotel GmbH (for 115 months)
  • Daevel SARL (for 113 months)
  • Bitfolk LTD (for 112 months)
  • Megaspace Internet Services GmbH (for 112 months)
  • NUMLOG (for 112 months)
  • Greenbone AG (for 111 months)
  • WinGo AG (for 111 months)
  • Ecole Centrale de Nantes - LHEEA (for 107 months)
  • Entr ouvert (for 102 months)
  • Adfinis AG (for 99 months)
  • GNI MEDIA (for 94 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 94 months)
  • Tesorion (for 94 months)
  • Bearstech (for 85 months)
  • LiHAS (for 85 months)
  • Catalyst IT Ltd (for 80 months)
  • Supagro (for 75 months)
  • Demarcq SAS (for 74 months)
  • Universit Grenoble Alpes (for 60 months)
  • TouchWeb SAS (for 52 months)
  • SPiN AG (for 49 months)
  • CoreFiling (for 44 months)
  • Institut des sciences cognitives Marc Jeannerod (for 39 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 36 months)
  • Tem Innovations GmbH (for 31 months)
  • WordFinder.pro (for 30 months)
  • CNRS DT INSU R sif (for 29 months)
  • Alter Way (for 22 months)
  • Institut Camille Jordan (for 11 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In August, 19 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 0.0h (out of 12.0h assigned and 2.0h from previous period), thus carrying over 14.0h to the next month.
• Adrian Bunk did 18.5h (out of 18.5h assigned).
• Anton Gladky did 7.5h (out of 5.0h assigned and 10.0h from previous period), thus carrying over 7.5h to the next month.
• Bastien Roucari s did 17.0h (out of 15.5h assigned and 3.0h from previous period), thus carrying over 1.5h to the next month.
• Ben Hutchings did 18.5h (out of 9.0h assigned and 9.5h from previous period).
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 18.5h (out of 18.25h assigned and 0.25h from previous period).
• Guilhem Moulin did 24.0h (out of 22.5h assigned and 1.5h from previous period).
• Jochen Sprickerhof did 2.5h (out of 8.5h assigned and 10.0h from previous period), thus carrying over 16.0h to the next month.
• Lee Garrett did 18.0h (out of 9.25h assigned and 9.25h from previous period), thus carrying over 0.5h to the next month.
• Markus Koschany did 28.5h (out of 28.5h assigned).
• Ola Lundqvist did 0.0h (out of 0h assigned and 24.0h from previous period), thus carrying over 24.0h to the next month.
• Roberto C. S nchez did 18.5h (out of 13.0h assigned and 5.5h from previous period).
• Santiago Ruano Rinc n did 18.5h (out of 18.25h assigned and 0.25h from previous period).
• Sean Whitton did 7.0h (out of 10.0h assigned), thus carrying over 3.0h to the next month.
• Sylvain Beucler did 18.5h (out of 9.75h assigned and 8.75h from previous period).
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 16.0h (out of 16.0h assigned).
• Utkarsh Gupta did 12.25h (out of 0h assigned and 12.25h from previous period).

Evolution of the situation In August, we have released 42 DLAs. The month of August turned out to be a rather quiet month for the LTS team. Three notable updates were to bouncycastle, openssl, and zabbix. In the case of bouncycastle a flaw allowed for the possibility of LDAP injection and the openssl update corrected a resource exhaustion bug that could result in a denial of service. Zabbix, while not widely used, was the subject of several vulnerabilities which while not individually severe did combine to result in the zabbix update being of particular note. Apart from those, the LTS team continued the always ongoing work of triaging, investigating, and fixing vulnerabilities, as well as making contributions to the broader Debian and Free Software communities.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 96 months)
  • Civil Infrastructure Platform (CIP) (for 64 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 107 months)
  • Linode (for 101 months)
  • Babiel GmbH (for 90 months)
  • Plat Home (for 90 months)
  • University of Oxford (for 46 months)
  • Deveryware (for 33 months)
  • VyOS Inc (for 28 months)
  • EDF SA (for 17 months)
• Silver sponsors:
  • Domeneshop AS (for 111 months)
  • Nantes M tropole (for 105 months)
  • Univention GmbH (for 97 months)
  • Universit Jean Monnet de St Etienne (for 97 months)
  • Ribbon Communications, Inc. (for 91 months)
  • Exonet B.V. (for 81 months)
  • Leibniz Rechenzentrum (for 75 months)
  • CINECA (for 64 months)
  • Minist re de l Europe et des Affaires trang res (for 58 months)
  • Cloudways Ltd (for 48 months)
  • Dinahosting SL (for 46 months)
  • Bauer Xcel Media Deutschland KG (for 40 months)
  • Platform.sh (for 40 months)
  • Moxa Inc. (for 34 months)
  • sipgate GmbH (for 31 months)
  • OVH US LLC (for 29 months)
  • Tilburg University (for 29 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 20 months)
  • Soliton Systems K.K. (for 18 months)
• Bronze sponsors:
  • Evolix (for 112 months)
  • Seznam.cz, a.s. (for 112 months)
  • Linuxhotel GmbH (for 109 months)
  • Intevation GmbH (for 108 months)
  • Daevel SARL (for 107 months)
  • Bitfolk LTD (for 106 months)
  • Megaspace Internet Services GmbH (for 106 months)
  • Greenbone AG (for 105 months)
  • NUMLOG (for 105 months)
  • WinGo AG (for 105 months)
  • Ecole Centrale de Nantes - LHEEA (for 101 months)
  • Entr ouvert (for 96 months)
  • Adfinis AG (for 93 months)
  • GNI MEDIA (for 88 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 88 months)
  • Tesorion (for 88 months)
  • Bearstech (for 79 months)
  • LiHAS (for 79 months)
  • Catalyst IT Ltd (for 74 months)
  • Supagro (for 69 months)
  • Demarcq SAS (for 68 months)
  • Universit Grenoble Alpes (for 54 months)
  • TouchWeb SAS (for 46 months)
  • SPiN AG (for 43 months)
  • CoreFiling (for 38 months)
  • Institut des sciences cognitives Marc Jeannerod (for 33 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 30 months)
  • Tem Innovations GmbH (for 24 months)
  • WordFinder.pro (for 24 months)
  • CNRS DT INSU R sif (for 23 months)
  • Alter Way (for 16 months)
  • Institut Camille Jordan (for 5 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In July, 18 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 0.0h (out of 0h assigned and 2.0h from previous period), thus carrying over 2.0h to the next month.
• Adrian Bunk did 24.75h (out of 18.25h assigned and 6.5h from previous period).
• Anton Gladky did 5.0h (out of 5.0h assigned and 10.0h from previous period), thus carrying over 10.0h to the next month.
• Bastien Roucari s did 17.0h (out of 17.0h assigned and 3.0h from previous period), thus carrying over 3.0h to the next month.
• Ben Hutchings did 14.0h (out of 24.0h assigned), thus carrying over 9.5h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 24.0h (out of 24.75h assigned), thus carrying over 0.25h to the next month.
• Guilhem Moulin did 23.25h (out of 24.75h assigned), thus carrying over 1.5h to the next month.
• Jochen Sprickerhof did 10.0h (out of 20.0h assigned), thus carrying over 10.0h to the next month.
• Lee Garrett did 16.0h (out of 9.75h assigned and 15.5h from previous period), thus carrying over 9.25h to the next month.
• Markus Koschany did 24.75h (out of 24.75h assigned).
• Ola Lundqvist did 0.0h (out of 13.0h assigned and 11.0h from previous period), thus carrying over 24.0h to the next month.
• Roberto C. S nchez did 19.25h (out of 14.75h assigned and 10.0h from previous period), thus carrying over 5.5h to the next month.
• Santiago Ruano Rinc n did 25.5h (out of 10.5h assigned and 15.25h from previous period), thus carrying over 0.25h to the next month.
• Sylvain Beucler did 16.0h (out of 21.25h assigned and 3.5h from previous period), thus carrying over 8.75h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 16.0h (out of 16.0h assigned).
• Utkarsh Gupta did 1.5h (out of 0h assigned and 13.75h from previous period), thus carrying over 12.25h to the next month.

Evolution of the situation In July, we have released 35 DLAs. LTS contributor Lee Garrett, has continued his hard work to prepare a testing framework for Samba, that can now provision bootable VMs with little effort, both for Debian and for Windows. This work included the introduction of a new package to Debian, rhsrvany, which allows turning any Windows program or script into a Windows service. As the Samba testing framework matures it will be possible to perform functional tests which cannot be performed with other available test mechanisms and aspects of this framework will be generalizable to other package ecosystems beyond Samba. July included a notable security update of bind9 by LTS contributor Chris Lamb. This update addressed a potential denial of service attack in this critical network infrastructure component.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 95 months)
  • Civil Infrastructure Platform (CIP) (for 63 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 106 months)
  • Linode (for 100 months)
  • Babiel GmbH (for 89 months)
  • Plat Home (for 89 months)
  • University of Oxford (for 45 months)
  • Deveryware (for 32 months)
  • VyOS Inc (for 27 months)
  • EDF SA (for 16 months)
• Silver sponsors:
  • Domeneshop AS (for 110 months)
  • Nantes M tropole (for 104 months)
  • Univention GmbH (for 96 months)
  • Universit Jean Monnet de St Etienne (for 96 months)
  • Ribbon Communications, Inc. (for 90 months)
  • Exonet B.V. (for 80 months)
  • Leibniz Rechenzentrum (for 74 months)
  • CINECA (for 63 months)
  • Minist re de l Europe et des Affaires trang res (for 57 months)
  • Cloudways Ltd (for 47 months)
  • Dinahosting SL (for 45 months)
  • Bauer Xcel Media Deutschland KG (for 39 months)
  • Platform.sh (for 39 months)
  • Moxa Inc. (for 33 months)
  • sipgate GmbH (for 30 months)
  • OVH US LLC (for 28 months)
  • Tilburg University (for 28 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 20 months)
  • Soliton Systems K.K. (for 17 months)
• Bronze sponsors:
  • Evolix (for 111 months)
  • Seznam.cz, a.s. (for 111 months)
  • Intevation GmbH (for 108 months)
  • Linuxhotel GmbH (for 108 months)
  • Daevel SARL (for 106 months)
  • Bitfolk LTD (for 105 months)
  • Megaspace Internet Services GmbH (for 105 months)
  • Greenbone AG (for 104 months)
  • NUMLOG (for 104 months)
  • WinGo AG (for 104 months)
  • Ecole Centrale de Nantes - LHEEA (for 100 months)
  • Entr ouvert (for 95 months)
  • Adfinis AG (for 92 months)
  • GNI MEDIA (for 87 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 87 months)
  • Tesorion (for 87 months)
  • Bearstech (for 78 months)
  • LiHAS (for 78 months)
  • Catalyst IT Ltd (for 73 months)
  • Supagro (for 68 months)
  • Demarcq SAS (for 67 months)
  • Universit Grenoble Alpes (for 53 months)
  • TouchWeb SAS (for 45 months)
  • SPiN AG (for 42 months)
  • CoreFiling (for 37 months)
  • Institut des sciences cognitives Marc Jeannerod (for 32 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 29 months)
  • Tem Innovations GmbH (for 24 months)
  • WordFinder.pro (for 23 months)
  • CNRS DT INSU R sif (for 22 months)
  • Alter Way (for 15 months)
  • Institut Camille Jordan (for 4 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In February, 15 contributors have been paid to work on Debian LTS, their reports are available:

• Adrian Bunk did 22.0h (out of 32.25h assigned), thus carrying over 10.25h to the next month.
• Anton Gladky did 9.75h (out of 11.5h assigned and 3.5h from previous period), thus carrying over 5.25h to the next month.
• Ben Hutchings did 8.0h (out of 8.0h assigned and 16.0h from previous period), thus carrying over 16.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 26.25h (out of 0h assigned and 35.0h from previous period), thus carrying over 8.75h to the next month.
• Guilhem Moulin did 20.0h (out of 20.0h assigned).
• Helmut Grohne did 5.0h (out of 5.0h assigned and 5.0h from previous period), thus carrying over 5.0h to the next month.
• Lee Garrett did 26.75h (out of 19.75h assigned and 12.5h from previous period), thus carrying over 5.5h to the next month.
• Markus Koschany did 32.25h (out of 32.25h assigned).
• Ola Lundqvist did 11.5h (out of 12.5h assigned and 11.5h from previous period), thus carrying over 12.5h to the next month.
• Roberto C. S nchez did 5.0h (out of 9.5h assigned and 22.5h from previous period), thus carrying over 27.0h to the next month.
• Sylvain Beucler did 32.0h (out of 17.25h assigned and 15.0h from previous period), thus carrying over 0.25h to the next month.
• Thorsten Alteholz did 8.0h (out of 14.0h assigned), thus carrying over 6.0h to the next month.
• Tobias Frost did 16.0h (out of 16.0h assigned).
• Utkarsh Gupta did 24.25h (out of 49.25h assigned), thus carrying over 8.0h to the next month.

Evolution of the situation In February, we have released 44 DLAs, which resolved 156 CVEs. We are glad to welcome some new contributors who will hopefully help us fix CVEs in the supported release even faster. However, we also experienced some setbacks as a few sponsors have stopped (or decreased) their support. If your company ever hesitated to sponsor Debian LTS, now might be a good time to join to ensure that we can continue this important work without having to scale down on the number of packages that we are able to support.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 90 months)
  • Civil Infrastructure Platform (CIP) (for 58 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 101 months)
  • Linode (for 95 months)
  • Babiel GmbH (for 84 months)
  • Plat Home (for 84 months)
  • University of Oxford (for 40 months)
  • Deveryware (for 27 months)
  • VyOS Inc (for 22 months)
  • EDF SA (for 11 months)
• Silver sponsors:
  • Domeneshop AS (for 105 months)
  • Nantes M tropole (for 100 months)
  • Univention GmbH (for 91 months)
  • Universit Jean Monnet de St Etienne (for 91 months)
  • Ribbon Communications, Inc. (for 85 months)
  • Exonet B.V. (for 75 months)
  • Leibniz Rechenzentrum (for 69 months)
  • CINECA (for 58 months)
  • Minist re de l Europe et des Affaires trang res (for 52 months)
  • Cloudways Ltd (for 42 months)
  • Dinahosting SL (for 40 months)
  • Bauer Xcel Media Deutschland KG (for 34 months)
  • Platform.sh (for 34 months)
  • Moxa Inc. (for 28 months)
  • sipgate GmbH (for 25 months)
  • OVH US LLC (for 23 months)
  • Tilburg University (for 23 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 15 months)
  • Soliton Systems K.K. (for 12 months)
• Bronze sponsors:
  • Evolix (for 106 months)
  • Seznam.cz, a.s. (for 106 months)
  • Intevation GmbH (for 103 months)
  • Linuxhotel GmbH (for 103 months)
  • Daevel SARL (for 101 months)
  • Bitfolk LTD (for 100 months)
  • Megaspace Internet Services GmbH (for 100 months)
  • NUMLOG (for 100 months)
  • Greenbone AG (for 99 months)
  • WinGo AG (for 99 months)
  • Ecole Centrale de Nantes - LHEEA (for 95 months)
  • Entr ouvert (for 90 months)
  • Adfinis AG (for 87 months)
  • GNI MEDIA (for 82 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 82 months)
  • Tesorion (for 82 months)
  • Bearstech (for 73 months)
  • LiHAS (for 73 months)
  • Catalyst IT Ltd (for 68 months)
  • Supagro (for 63 months)
  • Demarcq SAS (for 62 months)
  • Universit Grenoble Alpes (for 48 months)
  • TouchWeb SAS (for 40 months)
  • SPiN AG (for 37 months)
  • CoreFiling (for 32 months)
  • Institut des sciences cognitives Marc Jeannerod (for 27 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 24 months)
  • Tem Innovations GmbH (for 19 months)
  • WordFinder.pro (for 18 months)
  • CNRS DT INSU R sif (for 17 months)
  • Alter Way (for 10 months)

Here s my (forty-first) monthly but brief update about the activities I ve done in the F/L/OSS world.

Debian

This was my 50th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas 19! \o/ There s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

Uploads

• ruby-delayed-job (4.1.9-1~bpo11+1) - Backport to bullseye.
• ruby-delayed-job-active-record (4.1.6-3~bpo11+1) - Backport to bullseye.
• ruby-globalid (0.6.0-1~bpo11+1) - Backport to bullseye.
• ruby-tzinfo (2.0.4-1~bpo11+2) - Backport to bullseye.
• rails (2:6.1.7+dfsg-3~bpo11+1) - Backport to bullseye.
• ruby-commonmarker (0.23.6-1~bpo11+1) - Backport to bullseye.
• ruby-csv (3.2.2-1~bpo11+1) - Backport to bullseye.
• ruby-task-list (2.3.2-2~bpo11+1) - Backport to bullseye.
• ruby-i18n (1.10.0-2~bpo11+1) - Backport to bullseye.
• ruby-mini-magick (4.11.0-1~bpo11+1) - Backport to bullseye.
• ruby-net-ldap (0.17.0-1~bpo11+1) - Backport to bullseye.
• ruby-roadie-rails (3.0.0-1~bpo11+1) - Backport to bullseye.
• ruby-roadie (5.1.0-1~bpo11+1) - Backport to bullseye.
• ruby-sanitize (6.0.0-1~bpo11+1) - Backport to bullseye.
• ruby-nokogiri (1.13.1+dfsg-2~bpo11+1) - Backport to bullseye.
• ruby-mini-portile2 (2.8.0-1~bpo11+2) - Backport to bullseye.
• ruby-webrick (1.7.0-3~bpo11+2) - Backport to bullseye.
• ruby-zip (2.3.0-2~bpo11+1) - Backport to bullseye.
• gem2deb (2.1~bpo11+1) - Backport to bullseye.
• ruby-actionpack-action-caching (1.2.2-1~bpo11+1) - Backport to bullseye.
• ruby-nokogiri (1.13.5+dfsg-2~bpo11+1) - Backport to bullseye.
• redmine (5.0.4-2~bpo11+1) - Backport to bullseye.
• rails (2:6.1.7+dfsg-3~bpo11+2) - Backport to bullseye.
• ruby-roadie-rails (3.0.0-1~bpo11+2) - Backport to bullseye.
• redmine (5.0.4-4~bpo11+1) - Backport to bullseye.
• redmine (5.0.4-5~bpo11+1) - Backport to bullseye.
• ruby-web-console (4.2.0-1~bpo11+1) - Backport to bullseye.
• libyang2 (2.1.30-2) - Adding DEP8 test for yangre.
• redmine (5.0.4-3) - Add patch to stop unnecessary recursive chown ing (Fixes: #1022816, #1022817).
• redmine (5.0.4-4) - Set DH_RUBY_IGNORE_TESTS to all (Fixes: #1031308).
• python-jira (3.4.1-1) - New upstream version, v3.4.1.

Others

• Looked up some Release team documentation.
• Sponsored php-font-lib and php-dompdf-svg-lib for William.
• Granted DM rights for php-dompdf.
• Mentoring for newcomers.
• Reviewed micro bits for Nilesh, new uploads and changes.
• Ruby sprints.
• Bug work (on BTS and #debian-ruby) for rails and redmine.
• Moderation of -project mailing list.

A huge thanks to Freexian for sponsoring my Debian work and Entrouvert for sponsoring the Redmine backports. :D

---

Ubuntu

This was my 25th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/ I mostly worked on different things, I guess. I was too lazy to maintain a list of things I worked on so there s no concrete list atm. Maybe I ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the stretch and jessie release (+2 years after LTS support). This was my forty-first month as a Debian LTS and thirty-second month as a Debian ELTS paid contributor.
I worked for 24.25 hours for LTS and 28.50 hours for ELTS.

LTS CVE Fixes and Announcements:

• Fixed CVE-2022-47016 for tmux and uploaded to buster via 2.8-3+deb10u1.
  But decided to not roll the DLA for the package as the CVE got rejected upstream.
• Issued DLA 3359-1, fixing CVE-2019-13038 and CVE-2021-3639, for libapache2-mod-auth-mellon.
  For Debian 10 buster, these problems have been fixed in version 0.14.2-1+deb10u1.
• Issued DLA 3360-1, fixing CVE-2021-30151 and CVE-2022-23837, for ruby-sidekiq.
  For Debian 10 buster, these problems have been fixed in version 5.2.3+dfsg-1+deb10u1.
• Worked on ruby-rails-html-sanitize and added notes to the security-tracker.
  TL;DR: we need newer methods in ruby-loofah to make the patches for ruby-rails-html-sanitize backportable.
• Started to look at other set of packages meanwhile.

ELTS CVE Fixes and Announcements:

• Issued ELA 813-1, fixing CVE-2017-12618 and CVE-2022-25147, for apr-util.
  For Debian 8 jessie, these problems have been fixed in version 1.5.4-1+deb8u1.
  For Debian 9 stretch, these problems have been fixed in version 1.5.4-3+deb9u1.
• Issued ELA 814-1, fixing CVE-2022-39286, for jupyter-core.
  For Debian 9 stretch, these problems have been fixed in version 4.2.1-1+deb9u1.
• Issued ELA 815-1, fixing CVE-2022-44792 and CVE-2022-44793, for net-snmp.
  For Debian 8 jessie, these problems have been fixed in version 5.7.2.1+dfsg-1+deb8u6.
  For Debian 9 stretch, these problems have been fixed in version 5.7.3+dfsg-1.7+deb9u5.
• Helped facilitate RabbitMQ s update queries by one of our customers.
• Started to look at other set of packages meanwhile.

Other (E)LTS Work:

• Triaged ruby-loofah, ruby-sinatra, tmux, ruby-sidekiq, libapache2-mod-auth-mellon, jupyter-core, net-snmp, and apr-util, rabbitmq-server.
• Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).
• Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
• Participated and helped fellow members with their queries via private mail and chat.
• General and other discussions on LTS private and public mailing list.
• Attended the monthly LTS meeting.

---

Until next time.
:wq for today.

Like each month, have a look at the work funded by Freexian s Debian LTS offering. This is the first monthly report in 2023.

Debian LTS contributors In January, 17 contributors have been paid to work on Debian LTS. which is possibly the highest number of active contributors per month! Their reports are available:

• Abhijith PA did 0.0h (out of 3.0h assigned and 11.0h from previous period), thus carrying over 14.0h to the next month.
• Adrian Bunk did 26.25h (out of 26.25h assigned).
• Anton Gladky did 11.5h (out of 8.0h assigned and 7.0h from previous period), thus carrying over 3.5h to the next month.
• Ben Hutchings did 8.0h (out of 24.0h assigned), thus carrying over 16.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Emilio Pozuelo Monfort did 8.0h (out of 0h assigned and 43.0h from previous period), thus carrying over 35.0h to the next month.
• Guilhem Moulin did 20.0h (out of 17.5h assigned and 2.5h from previous period).
• Helmut Grohne did 10.0h (out of 15.0h assigned), thus carrying over 5.0h to the next month.
• Lee Garrett did 7.5h (out of 20.0h assigned), thus carrying over 12.5h to the next month.
• Markus Koschany did 26.25h (out of 26.25h assigned).
• Ola Lundqvist did 4.5h (out of 10.0h assigned and 6.0h from previous period), thus carrying over 11.5h to the next month.
• Roberto C. S nchez did 3.75h (out of 18.75h assigned and 7.5h from previous period), thus carrying over 22.5h to the next month.
• Stefano Rivera did 4.5h (out of 0h assigned and 32.5h from previous period), thus carrying over 28.0h to the next month.
• Sylvain Beucler did 23.5h (out of 0h assigned and 38.5h from previous period), thus carrying over 15.0h to the next month.
• Thorsten Alteholz did 14.0h (out of 10.0h assigned and 4.0h from previous period).
• Tobias Frost did 19.0h (out of 19.0h assigned).
• Utkarsh Gupta did 43.25h (out of 26.25h assigned and 17.0h from previous period).

Evolution of the situation Furthermore, we released 46 DLAs in January, which resolved 146 CVEs. We are working diligently to reduce the number of packages listed in dla-needed.txt, and currently, we have 55 packages listed. We are constantly growing and seeking new contributors. If you are a Debian Developer and want to join the LTS team, please contact us.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 89 months)
  • GitHub (for 80 months)
  • Civil Infrastructure Platform (CIP) (for 57 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 100 months)
  • Linode (for 94 months)
  • Babiel GmbH (for 83 months)
  • Plat Home (for 83 months)
  • University of Oxford (for 39 months)
  • Deveryware (for 26 months)
  • VyOS Inc (for 21 months)
  • EDF SA (for 10 months)
• Silver sponsors:
  • Domeneshop AS (for 105 months)
  • Nantes M tropole (for 99 months)
  • Univention GmbH (for 90 months)
  • Universit Jean Monnet de St Etienne (for 90 months)
  • Ribbon Communications, Inc. (for 84 months)
  • Exonet B.V. (for 74 months)
  • Leibniz Rechenzentrum (for 68 months)
  • CINECA (for 57 months)
  • Minist re de l Europe et des Affaires trang res (for 52 months)
  • Cloudways Ltd (for 41 months)
  • Dinahosting SL (for 39 months)
  • Bauer Xcel Media Deutschland KG (for 33 months)
  • Platform.sh (for 33 months)
  • MOXA INC. (for 27 months)
  • sipgate GmbH (for 24 months)
  • Tilburg University (for 23 months)
  • OVH US LLC (for 22 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 14 months)
  • Soliton Systems K.K. (for 11 months)
• Bronze sponsors:
  • Evolix (for 105 months)
  • Seznam.cz, a.s. (for 105 months)
  • Intevation GmbH (for 102 months)
  • Linuxhotel GmbH (for 102 months)
  • Daevel SARL (for 101 months)
  • Bitfolk LTD (for 99 months)
  • Megaspace Internet Services GmbH (for 99 months)
  • NUMLOG (for 99 months)
  • Greenbone Networks GmbH (for 98 months)
  • WinGo AG (for 98 months)
  • Ecole Centrale de Nantes - LHEEA (for 94 months)
  • Entr ouvert (for 89 months)
  • Adfinis AG (for 87 months)
  • GNI MEDIA (for 81 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 81 months)
  • Tesorion (for 81 months)
  • Bearstech (for 73 months)
  • LiHAS (for 72 months)
  • Catalyst IT Ltd (for 67 months)
  • Supagro (for 62 months)
  • Demarcq SAS (for 61 months)
  • Universit Grenoble Alpes (for 47 months)
  • TouchWeb SAS (for 39 months)
  • SPiN AG (for 36 months)
  • CoreFiling (for 31 months)
  • Institut des sciences cognitives Marc Jeannerod (for 26 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 23 months)
  • Tem Innovations GmbH (for 18 months)
  • WordFinder.pro (for 17 months)
  • CNRS DT INSU R sif (for 16 months)
  • Alter Way (for 9 months)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In December, 17 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 3.0h (out of 0h assigned and 14.0h from previous period), thus carrying over 11.0h to the next month.
• Anton Gladky did 8.0h (out of 6.0h assigned and 9.0h from previous period), thus carrying over 7.0h to the next month.
• Ben Hutchings did 24.0h (out of 9.0h assigned and 15.0h from previous period).
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Dominik George did 0.0h (out of 10.0h assigned and 14.0h from previous period), thus carrying over 24.0h to the next month.
• Emilio Pozuelo Monfort did 8.0h in December, 8.0h in November (out of 1.5h assigned and 49.5h from previous period), thus carrying over 43.0h to the next month.
• Enrico Zini did 0.0h (out of 0h assigned and 8.0h from previous period), thus carrying over 8.0h to the next month.
• Guilhem Moulin did 17.5h (out of 20.0h assigned), thus carrying over 2.5h to the next month.
• Helmut Grohne did 15.0h (out of 15.0h assigned, 2.5h were taken from the extra-budget and worked on).
• Markus Koschany did 40.0h (out of 40.0h assigned).
• Ola Lundqvist did 10.0h (out of 7.5h assigned and 8.5h from previous period), thus carrying over 6.0h to the next month.
• Roberto C. S nchez did 24.5h (out of 20.25h assigned and 11.75h from previous period), thus carrying over 7.5h to the next month.
• Stefano Rivera did 2.5h (out of 20.5h assigned and 14.5h from previous period), thus carrying over 32.5h to the next month.
• Sylvain Beucler did 20.5h (out of 37.0h assigned and 22.0h from previous period), thus carrying over 38.5h to the next month.
• Thorsten Alteholz did 10.0h (out of 14.0h assigned), thus carrying over 4.0h to the next month.
• Tobias Frost did 16.0h (out of 16.0h assigned).
• Utkarsh Gupta did 51.5h (out of 42.5h assigned and 9.0h from previous period).

Evolution of the situation In December, we have released 47 DLAs, closing 232 CVEs. In the same year, in total we released 394 DLAs, closing 1450 CVEs. We are constantly growing and seeking new contributors. If you are a Debian Developer and want to join the LTS team, please contact us.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 88 months)
  • GitHub (for 79 months)
  • Civil Infrastructure Platform (CIP) (for 56 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 99 months)
  • Linode (for 93 months)
  • Babiel GmbH (for 82 months)
  • Plat Home (for 82 months)
  • University of Oxford (for 38 months)
  • Deveryware (for 25 months)
  • VyOS Inc (for 20 months)
  • EDF SA (for 9 months)
• Silver sponsors:
  • Domeneshop AS (for 103 months)
  • Nantes M tropole (for 97 months)
  • Univention GmbH (for 89 months)
  • Universit Jean Monnet de St Etienne (for 89 months)
  • Ribbon Communications, Inc. (for 83 months)
  • Exonet B.V. (for 73 months)
  • Leibniz Rechenzentrum (for 67 months)
  • CINECA (for 56 months)
  • Minist re de l Europe et des Affaires trang res (for 50 months)
  • Cloudways Ltd (for 40 months)
  • Dinahosting SL (for 38 months)
  • Bauer Xcel Media Deutschland KG (for 32 months)
  • Platform.sh (for 32 months)
  • MOXA INC. (for 26 months)
  • sipgate GmbH (for 23 months)
  • OVH US LLC (for 21 months)
  • Tilburg University (for 21 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 12 months)
  • Soliton Systems K.K. (for 10 months)
• Bronze sponsors:
  • Evolix (for 104 months)
  • Seznam.cz, a.s. (for 104 months)
  • Intevation GmbH (for 101 months)
  • Linuxhotel GmbH (for 101 months)
  • Daevel SARL (for 99 months)
  • Bitfolk LTD (for 98 months)
  • Megaspace Internet Services GmbH (for 98 months)
  • Greenbone Networks GmbH (for 97 months)
  • NUMLOG (for 97 months)
  • WinGo AG (for 97 months)
  • Ecole Centrale de Nantes - LHEEA (for 93 months)
  • Entr ouvert (for 88 months)
  • Adfinis AG (for 85 months)
  • GNI MEDIA (for 80 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 80 months)
  • Tesorion (for 80 months)
  • Bearstech (for 71 months)
  • LiHAS (for 71 months)
  • Catalyst IT Ltd (for 66 months)
  • Supagro (for 61 months)
  • Demarcq SAS (for 60 months)
  • Universit Grenoble Alpes (for 46 months)
  • TouchWeb SAS (for 38 months)
  • SPiN AG (for 35 months)
  • CoreFiling (for 30 months)
  • Institut des sciences cognitives Marc Jeannerod (for 25 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 22 months)
  • Tem Innovations GmbH (for 16 months)
  • WordFinder.pro (for 16 months)
  • CNRS DT INSU R sif (for 15 months)
  • Alter Way (for 8 months)

Here s my (thirty-ninth) monthly but brief update about the activities I ve done in the F/L/OSS world.

Debian

This was my 48th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas 19! \o/ There s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

• Some DebConf work.
• Sponsoring stuff for non-DDs.
• Mentoring for newcomers.
• Moderation of -project mailing list.

---

Ubuntu

This was my 23rd month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/ I mostly worked on different things, I guess. I was too lazy to maintain a list of things I worked on so there s no concrete list atm. Maybe I ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the stretch and jessie release (+2 years after LTS support). This was my thirty-ninth month as a Debian LTS and thirtieth month as a Debian ELTS paid contributor.
I worked for 51.50 hours for LTS and 22.50 hours for ELTS.

LTS CVE Fixes and Announcements:

• Issued DLA 3224-1, fixing CVE-2020-8287, for http-parser.
  For Debian 10 buster, these problems have been fixed in version 2.8.1-1+deb10u3.
• Issued DLA 3225-1, fixing CVE-2022-46391, for awstats.
  For Debian 10 buster, these problems have been fixed in version 7.6+dfsg-2+deb10u2.
• Issued DLA 3227-1, fixing CVE-2022-32209, for ruby-rails-html-sanitizer.
  For Debian 10 buster, these problems have been fixed in version 1.0.4-1+deb10u1.
• Issued DLA 3228-1, fixing CVE-2021-3918, for node-json-schema.
  For Debian 10 buster, these problems have been fixed in version 0.2.3-1+deb10u1.
• Issued DLA 3229-1, fixing CVE-2022-21704, for node-log4js.
  For Debian 10 buster, these problems have been fixed in version 4.0.2-2+deb10u1.
• Issued DLA 3230-1, fixing CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, and CVE-2022-31160, for jqueryui.
  For Debian 10 buster, these problems have been fixed in version 1.12.1+dfsg-5+deb10u1.
• Issued DLA 3231-1, fixing CVE-2020-29394, CVE-2020-36244, and CVE-2022-31291, for dlt-daemon.
  For Debian 10 buster, these problems have been fixed in version 2.18.0-1+deb10u1.
• Inspected joblib s security update upon Helmut s investigation and see what went wrong there.
• Started to look at other set of packages: node-moment, tiff, ruby*, et al.

ELTS CVE Fixes and Announcements:

• Issued ELA 752-1, fixing CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, and CVE-2022-31160, for jqueryui.
  For Debian 9 stretch, these problems have been fixed in version 1.12.1+dfsg-4+deb9u1.
• Helped facilitate Erlang s and RabbitMQ s update; cf: ELA 754-1.
• Looked through python3.4 s FTBFS on armhf. Even diff d with Ubuntu. No luck. Inspected the traces, doesn t give a lot of hint either. Will continue to look later next month or so but it s a rabbit hole. (:
• Inspected joblib s security update upon Helmut s investigation and see what went wrong there.
• Started to look at other set of packages: dropbear, tiff, et al.

Other (E)LTS Work:

• Triaged jqueryui, http-parser, awstats, ruby-rails-html-sanitizer, node-json-schema, node-log4js, dlt-daemon, joblib, tiff, dropbear, python3.5, python3.4, ruby-sinatra, erlang, and rabbitmq-server.
• Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).
• Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
• Participated and helped fellow members with their queries via private mail and chat.
• General and other discussions on LTS private and public mailing list.
• Attended the monthly Freexian meeting.

---

Until next time.
:wq for today.

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In November, 15 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 0.0h (out of 14.0h assigned), thus carrying over 14.0h to the next month.
• Anton Gladky did 6.0h (out of 15.0h assigned), thus carrying over 9.0h to the next month.
• Ben Hutchings did 9.0h (out of 24.0h assigned), thus carrying over 15.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Dominik George did 10.0h (out of 0h assigned and 24.0h from previous period), thus carrying over 14.0h to the next month.
• Emilio Pozuelo Monfort did 0.0h (out of 38.0h assigned and 19.5h from previous period), thus carrying over 57.5h to the next month.
• Enrico Zini did 0.0h (out of 0h assigned and 8.0h from previous period), thus carrying over 8.0h to the next month.
• Helmut Grohne did 17.5h (out of 20.0h assigned).
• Markus Koschany did 40.0h (out of 40.0h assigned).
• Ola Lundqvist did 7.5h (out of 11.0h assigned and 5.0h from previous period), thus carrying over 8.5h to the next month.
• Roberto C. S nchez did 20.25h (out of 0.75h assigned and 31.25h from previous period), thus carrying over 11.75h to the next month.
• Stefano Rivera did 2.5h (out of 0h assigned and 17.0h from previous period), thus carrying over 14.5h to the next month.
• Sylvain Beucler did 35.5h (out of 23.0h assigned and 34.5h from previous period), thus carrying over 22.0h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Utkarsh Gupta did 41.0h (out of 32.5h assigned and 25.0h from previous period), thus carrying over 16.5h to the next month.

Evolution of the situation In November, we released 43 DLAs, fixing 183 CVEs. We currently have 63 packages in dla-needed.txt that are waiting for updates, which is 19 fewer than the previous month. We re excited to announce that two Debian Developers Tobias Frost and Guilhem Moulin, have completed the on-boarding process and will begin contributing to LTS as of December 2022. Welcome aboard!

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 87 months)
  • GitHub (for 78 months)
  • Civil Infrastructure Platform (CIP) (for 55 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 98 months)
  • Linode (for 92 months)
  • Babiel GmbH (for 81 months)
  • Plat Home (for 81 months)
  • University of Oxford (for 37 months)
  • Deveryware (for 24 months)
  • VyOS Inc (for 19 months)
  • EDF SA (for 8 months)
• Silver sponsors:
  • Domeneshop AS (for 102 months)
  • Nantes M tropole (for 96 months)
  • Univention GmbH (for 88 months)
  • Universit Jean Monnet de St Etienne (for 88 months)
  • Ribbon Communications, Inc. (for 82 months)
  • Exonet B.V. (for 72 months)
  • Leibniz Rechenzentrum (for 66 months)
  • CINECA (for 55 months)
  • Minist re de l Europe et des Affaires trang res (for 49 months)
  • Cloudways Ltd (for 39 months)
  • Dinahosting SL (for 37 months)
  • Bauer Xcel Media Deutschland KG (for 31 months)
  • Platform.sh (for 31 months)
  • MOXA INC. (for 25 months)
  • sipgate GmbH (for 22 months)
  • OVH US LLC (for 20 months)
  • Tilburg University (for 20 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 12 months)
  • Soliton Systems K.K. (for 9 months)
• Bronze sponsors:
  • Evolix (for 103 months)
  • Seznam.cz, a.s. (for 103 months)
  • Intevation GmbH (for 100 months)
  • Linuxhotel GmbH (for 100 months)
  • Daevel SARL (for 98 months)
  • Bitfolk LTD (for 97 months)
  • Megaspace Internet Services GmbH (for 97 months)
  • Greenbone Networks GmbH (for 96 months)
  • NUMLOG (for 96 months)
  • WinGo AG (for 96 months)
  • Ecole Centrale de Nantes - LHEEA (for 92 months)
  • Entr ouvert (for 87 months)
  • Adfinis AG (for 84 months)
  • GNI MEDIA (for 79 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 79 months)
  • Tesorion (for 79 months)
  • Bearstech (for 70 months)
  • LiHAS (for 70 months)
  • Catalyst IT Ltd (for 65 months)
  • Supagro (for 60 months)
  • Demarcq SAS (for 59 months)
  • Universit Grenoble Alpes (for 45 months)
  • TouchWeb SAS (for 37 months)
  • SPiN AG (for 34 months)
  • CoreFiling (for 29 months)
  • Institut des sciences cognitives Marc Jeannerod (for 24 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 21 months)
  • Tem Innovations GmbH (for 16 months)
  • WordFinder.pro (for 15 months)
  • CNRS DT INSU R sif (for 14 months)
  • Alter Way (for 7 months)

Here s my (thirty-eighth) monthly but brief update about the activities I ve done in the F/L/OSS world.

Debian

This was my 47th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas 19! \o/ There s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

Debian Uploads

• tango (9.3.4+dfsg1-2) - Fix FTBFS: configure: error; cf: bug#1020056.

Other $things:

• Sponsoring stuff for non-DDs.
• Mentoring for newcomers.
• Moderation of -project mailing list.

---

Ubuntu

This was my 22nd month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/ I mostly worked on different things, I guess. I was too lazy to maintain a list of things I worked on so there s no concrete list atm. Maybe I ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the stretch and jessie release (+2 years after LTS support). This was my thirty-eighth month as a Debian LTS and twenty-nine month as a Debian ELTS paid contributor.
I worked for 41.00 hours for LTS and 30.25 hours for ELTS.

LTS CVE Fixes and Announcements:

• Issued DLA 3187-1, fixing CVE-2021-36369, for dropbear.
  For Debian 10 buster, these problems have been fixed in version 2018.76-5+deb10u2.
• Issued DLA 3188-1, fixing CVE-2019-16167, CVE-2019-19725, and CVE-2022-39377, for sysstat.
  For Debian 10 buster, these problems have been fixed in version 12.0.3-2+deb10u1.
• Issued DLA 3189-1 for a minor LTS version update of postgresql-11.
  For Debian 10 buster, the package has been updated to version 11.18-0+deb10u1.
• Issued DLA 3215-1, fixing CVE-2022-3328, for snapd.
  For Debian 10 buster, these problems have been fixed in version 2.37.4-1+deb10u2.
• Issued DLA 3216-1, fixing CVE-2022-41325, for vlc.
  For Debian 10 buster, these problems have been fixed in version 3.0.17.4-0+deb10u2.
• Issued DLA 3217-1, fixing CVE-2022-46338, for g810-led.
  For Debian 10 buster, these problems have been fixed in version 0.3.3-2+deb10u1.
• Issued DLA 3218-1, fixing CVE-2022-41946, for libpgjava.
  For Debian 10 buster, these problems have been fixed in version 42.2.5-2+deb10u3.
• Issued DLA 3220-1 for a new upstream version update of clamav.
  For Debian 10 buster, the package has been updated to version 0.103.7+dfsg-0+deb10u1.
• Started to look at other set of packages.

ELTS CVE Fixes and Announcements:

• Issued ELA 731-1, fixing CVE-2022-39377, for sysstat.
  For Debian 9 stretch, these problems have been fixed in version 11.4.3-2+deb9u1.
  For Debian 8 jessie, these problems have been fixed in version 11.0.1-1+deb8u1.
• Issued ELA 749-1, fixing CVE-2022-41325, for vlc.
  For Debian 9 stretch, these problems have been fixed in version 3.0.17.4-0+deb9u2.
• Issued ELA 750-1 for a new upstream version update of clamav.
  For Debian 9 stretch, the package has been updated to version 0.103.7+dfsg-0+deb9u1. For Debian 8 jessie, the package has been updated to version 0.103.7+dfsg-0+deb8u1.
• Started to look at other set of packages.

Other (E)LTS Work:

• Front desk duty from 21-11 until 27-11 for both, LTS and ELTS.
• Triaged jqueryui, open-vm-tools, systemd, ffmpeg, lava, pngcheck, snapd, vlc, g810-led, libpgjava, dropbear, python3.5, python3.4, clamav, systat, postgresql-11, and mariadb-10.1.
• Marked CVE-2009-1143/open-vm-tools as postponed for buster, stretch and jessie.
• Marked CVE-2022-45873/systemd as not-affected in stretch and jessie.
• Marked CVE-2022-396 4,5 /ffmpeg as postponed for buster and stretch.
• Marked CVE-2022-45061/python3. 4,5 as postponed for stretch and jessie.
• Marked CVE-2022-31160/jqueryui as not-affected for jessie instead.
• Noted CVE-2022-45061/python3.4 to be marked as postponed; only things to fix is the armhf FTBFS.
• Auto EOL d linux, libpgjava, nvidia-graphics-drivers, maradns, chromium, and glance for ELTS.
• Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).
• Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
• Participated and helped fellow members with their queries via private mail and chat.
• General and other discussions on LTS private and public mailing list.
• Attended the monthly meeting held on IRC on November 24th.

---

Until next time.
:wq for today.

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In October, 15 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 14.0h (out of 2.0h assigned and 12.0h from previous period).
• Anton Gladky did 20.0h (out of 19.0h assigned and 1.0h from previous period).
• Ben Hutchings did 9.0h (out of 0h assigned and 9.0h from previous period).
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Dominik George did 0.0h (out of 0h assigned and 24.0h from previous period), thus carrying over 24.0h to the next month.
• Emilio Pozuelo Monfort did 40.5h (out of 58.0h assigned and 2.0h from previous period), thus carrying over 19.5h to the next month.
• Enrico Zini did 0.0h (out of 0h assigned and 8.0h from previous period), thus carrying over 8.0h to the next month.
• Helmut Grohne did 15.0h (out of 15.0h assigned).
• Markus Koschany did 40.0h (out of 40.0h assigned).
• Ola Lundqvist did 7.0h (out of 12.0h assigned), thus carrying over 5.0h to the next month.
• Roberto C. S nchez did 0.75h (out of 1.0h assigned and 31.0h from previous period), thus carrying over 31.25h to the next month.
• Stefano Rivera did 12.5h (out of 9.0h assigned and 26.0h from previous period), thus carrying over 22.5h to the next month.
• Sylvain Beucler did 25.5h (out of 31.5h assigned and 28.5h from previous period), thus carrying over 34.5h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Utkarsh Gupta did 35.0h (out of 38.0h assigned and 22.0h from previous period), thus carrying over 25.0h to the next month.

Evolution of the situation In October, we have released 42 DLAs, closing 106 CVEs. At the moment we have 82 packages in dla-needed.txt, waiting for update. We are continuously working on updating our infrastructure, trying to document all of our changes in the git-repo. Most of packages there are having continuous integration (CI) pipelines.

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 86 months)
  • GitHub (for 77 months)
  • Civil Infrastructure Platform (CIP) (for 54 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 97 months)
  • Linode (for 91 months)
  • Babiel GmbH (for 80 months)
  • Plat Home (for 80 months)
  • University of Oxford (for 36 months)
  • Deveryware (for 23 months)
  • VyOS Inc (for 18 months)
  • EDF SA (for 7 months)
• Silver sponsors:
  • Domeneshop AS (for 101 months)
  • Nantes M tropole (for 95 months)
  • Univention GmbH (for 87 months)
  • Universit Jean Monnet de St Etienne (for 87 months)
  • Ribbon Communications, Inc. (for 81 months)
  • Exonet B.V. (for 71 months)
  • Leibniz Rechenzentrum (for 65 months)
  • CINECA (for 54 months)
  • Minist re de l Europe et des Affaires trang res (for 48 months)
  • Cloudways Ltd (for 38 months)
  • Dinahosting SL (for 36 months)
  • Bauer Xcel Media Deutschland KG (for 30 months)
  • Platform.sh (for 30 months)
  • Moxa Intelligence Co., Ltd. (for 24 months)
  • sipgate GmbH (for 21 months)
  • OVH US LLC (for 19 months)
  • Tilburg University (for 19 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 11 months)
  • Soliton Systems K.K. (for 8 months)
• Bronze sponsors:
  • Evolix (for 102 months)
  • Seznam.cz, a.s. (for 102 months)
  • Intevation GmbH (for 99 months)
  • Linuxhotel GmbH (for 99 months)
  • Daevel SARL (for 97 months)
  • Bitfolk LTD (for 96 months)
  • Megaspace Internet Services GmbH (for 96 months)
  • Greenbone Networks GmbH (for 95 months)
  • NUMLOG (for 95 months)
  • WinGo AG (for 95 months)
  • Ecole Centrale de Nantes - LHEEA (for 91 months)
  • Entr ouvert (for 86 months)
  • Adfinis AG (for 83 months)
  • GNI MEDIA (for 78 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 78 months)
  • Tesorion (for 78 months)
  • Bearstech (for 69 months)
  • LiHAS (for 69 months)
  • Catalyst IT Ltd (for 64 months)
  • Supagro (for 59 months)
  • Demarcq SAS (for 58 months)
  • Universit Grenoble Alpes (for 44 months)
  • TouchWeb SAS (for 36 months)
  • SPiN AG (for 33 months)
  • CoreFiling (for 28 months)
  • Institut des sciences cognitives Marc Jeannerod (for 23 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 20 months)
  • Tem Innovations GmbH (for 15 months)
  • WordFinder.pro (for 14 months)
  • CNRS DT INSU R sif (for 13 months)
  • Alter Way (for 6 months)

Here s my (thirty-seventh) monthly but brief update about the activities I ve done in the F/L/OSS world.

Debian

This was my 46th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas 19! \o/ There s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

Debian Uploads

• ruby-espeak (1.1.0-1) - New upstream version, v1.1.0.

Other $things:

• Being an AM for Arun Kumar, process #1024. Process completed. \o/
• Sponsoring stuff for non-DDs.
• Mentoring for newcomers.
• Moderation of -project mailing list.

---

Ubuntu

This was my 21st month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/ I mostly worked on different things, I guess. I was too lazy to maintain a list of things I worked on so there s no concrete list atm. Maybe I ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support). This was my thirty-seventh month as a Debian LTS and twenty-eighth month as a Debian ELTS paid contributor.
I worked for 35.00 hours for LTS and 25.00 hours for ELTS.

LTS CVE Fixes and Announcements:

• Issued DLA 3146-1, fixing CVE-2022-2928 and CVE-2022-2929, for isc-dhcp.
  For Debian 10 buster, these problems have been fixed in version 4.4.1-2+deb10u2.
• Issued DLA 3165-1, fixing CVE-2022-43680, for expat.
  For Debian 10 buster, these problems have been fixed in version 2.2.6-2+deb10u6.
• Issued DLA 3166-1, fixing CVE-2022-29970, for ruby-sinatra.
  For Debian 10 buster, these problems have been fixed in version 2.0.5-4+deb10u1.
• Uploaded dropbear to fix CVE-2021-36369 in buster. Waiting for ELTS upload to issue the DLA. But will do soon now.
• src:joblib is a bit painful - having to backport patches to Py2. :/
• Started to look at other set of packages.

ELTS CVE Fixes and Announcements:

• Issued ELA 715-1, fixing CVE-2022-43680, for expat.
  For Debian 9 stretch, these problems have been fixed in version 2.2.0-2+deb9u7.
  For Debian 8 jessie, these problems have been fixed in version 2.1.0-6+deb8u10.
• Issued ELA 716-1, fixing CVE-2018-25045 and CVE-2020-25626, for djangorestframework.
  For Debian 9 stretch, these problems have been fixed in version 3.4.0-2+deb9u1.
• Uploaded dropbear to fix CVE-2021-36369 in buster. Waiting for ELTS upload, too. But some backporting problems. :/
• src:joblib is a bit painful - having to backport patches to Py2. :/
• Started to look at other set of packages.

Other (E)LTS Work:

• Triaged joblib, dropbear, ruby-sinatra, djangorestframework, isc-dhcp, and expat.
• Reverted Mark freerdp CVEs wrongly affecting freerdp <2.0.0 in the ELTS tracker.
• Helped and assisted new contributors joining Freexian (LTS/ELTS).
• Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
• Participated and helped fellow members with their queries via private mail and chat.
• General and other discussions on LTS private and public mailing list.
• Attended the monthly meeting held on Jitsi on October 27th.

---

Until next time.
:wq for today.

Here s my (thirty-sixth) monthly but brief update about the activities I ve done in the F/L/OSS world.

Debian

This was my 45th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas 19! \o/ There s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

Debian Uploads

• rails (2:6.1.6.1+dfsg-2) - Add patch to allow Symbols in YAML columns, fixes #1018934.
• rails (2:6.1.6.1+dfsg-3) - Add patch to remove active_record.yaml initializers.
• rails (2:6.1.6.1+dfsg-4) - Add patch to allow Date, Time, ActiveSupport::HashWithIndifferentAccess in YAML columns.
• ruby-arbre (1.4.0-2) - Add patch to use selector to detect authenticity token input.
• ruby-net-http-digest-auth (1.4.1-1) - New upstream version, v1.4.1 to fix the FTBFS w/ rails.
• rails (2:6.1.7+dfsg-1) - New upstream version, v6.1.7+dfsg.
• redmine (5.0.2-1) - New upstream version, v5.0.2 + fixes for #1017525, #1019607, #1019238, and #1014813.
• redmine (5.0.2-2) - Add patch to relax pg s version for autopkgtest.
• ruby-json-jwt (1.14.0-2) - No-change rebuild for unstable to fix #1011682.
• libexporter-tiny-perl (1.004002-1) - New upstream version, v1.004002.

Other $things:

• Sponsored php-nikic-fast-route/1.3.0-4~bpo11+1 for William.
• Being an AM for Arun Kumar, process #1024.
• Sponsoring stuff for non-DDs.
• Mentoring for newcomers.
• Moderation of -project mailing list.

---

Ubuntu

This was my 20th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/ I mostly worked on different things, I guess. I was too lazy to maintain a list of things I worked on so there s no concrete list atm. Maybe I ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support). This was my thirty-sixth month as a Debian LTS and twenty-seventh month as a Debian ELTS paid contributor.
I worked for 38.00 hours for LTS and 27.00 hours for ELTS.

LTS CVE Fixes and Announcements:

• Rolled out announcement for src:flac.
• Rolled out announcement for src:ruby-rack.
• Issued DLA 3128-1, fixing CVE-2020-7677, for node-thenify.
  For Debian 10 buster, these problems have been fixed in version 3.3.0-1+deb10u1.
• Issued DLA 3129-1, fixing CVE-2019-17545 and CVE-2021-45943, for gdal.
  For Debian 10 buster, these problems have been fixed in version 2.4.0+dfsg-1+deb10u1.
• Looked at src:mbedtls which has about 18 CVEs opened in buster (including no-dsa).
  Also, spoke to the maintainer - they said they d be uncomfortable doing or reviewing the backport (although they initially said they d be happy to help).
• Fixed src:rails regression via 2:6.1.6.1+dfsg-2, 2:6.1.6.1+dfsg-3, and 2:6.1.6.1+dfsg-4 for sid.
  CVE-2022-32224 broke the entire world. :)
• Helped Abhijith figure out the regression fix for CVE-2022-32224.
  Also got that verified by the people who reported regression, Raphael, Sven, and Jude. The whole thread is on debian-lts@.

ELTS CVE Fixes and Announcements:

• Rolled out announcemnet for src:ruby-tzinfo.
• Rolled out announcemnet for src:grubt.
• Issued ELA 682-1, fixing CVE-2022-31676, for open-vm-tools.
  For Debian 9 stretch, these problems have been fixed in version 2:10.1.5-5055683-4+deb9u3.
• Issued ELA 691-1, fixing CVE-2020-21365, for wkhtmltopdf.
  For Debian 8 jessie, these problems have been fixed in version 0.12.1-2+deb8u1.
  For Debian 9 stretch, these problems have been fixed in version 0.12.3.2-3+deb9u1.
• Issued ELA 692-1, fixing CVE-2022-37452, for exim4.
  For Debian 8 jessie, these problems have been fixed in version 4.84.2-2+deb8u9.
  For Debian 9 stretch, these problems have been fixed in version 4.89-2+deb9u9.
• Started to look at src:tiff again. Has a lot of open issues. Haven t claimed the package officially yet, though. :)

Other (E)LTS Work:

• Triaged rails, node-thenify, exim4, wkhtmltopdf, gdal, and mbedtls.
• Marked CVE-2019-25050/gdal as not-affected for buster.
• Marked CVE-2022-37451/exim4 as not-affected for stretch and jessie; following buster and bullseye.
• Helped and assisted new contributors joining Freexian (LTS/ELTS).
• Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
• Participated and helped fellow members with their queries via private mail and chat.
• General and other discussions on LTS private and public mailing list.
• Attended the monthly public meeting held on #debian-lts on September 29th.

---

Until next time.
:wq for today.

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding Two [1, 2] projects are in the pipeline now. Tryton project is in a final phase. Gradle projects is fighting with technical difficulties. In May, we put aside 2233 EUR to fund Debian projects. We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In May, 14 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 14.0h (out of 14h assigned).
• Andreas R nnquist did 14.5h (out of 25.0h assigned), thus carrying over 10.5h to June.
• Anton Gladky did 19h (out of 19h assigned).
• Ben Hutchings did 8h (out of 11h assigned and 13h from April), thus carrying over 16h to June.
• Chris Lamb did 18h (out of 18h assigned).
• Dominik George did 2h (out of 20.0h assigned), thus carrying over 18h to June.
• Enrico Zini did 9.5h (out of 16.0h assigned), thus carrying over 6.5h to June.
• Emilio Pozuelo Monfort did 28h (out of 13.75h assigned and 35.25h from April), thus carrying over 21h to June.
• Markus Koschany did 40h (out of 40h assigned).
• Roberto C. S nchez did 13.5h (out of 32h assigned), thus carrying over 18.5h to June.
• Sylvain Beucler did 23.5h (out of 20h assigned and 20h from April), thus carrying over 16.5h to June.
• Stefano Rivera did 5h in April and 14h in May (out of 17.5h assigned), thus anticipating 1.5h for June.
• Thorsten Alteholz did 40h (out of 40h assigned).
• Utkarsh Gupta did 35h (out of 19h assigned and 30h from April), thus carrying over 14h to June.

Evolution of the situation In May we released 49 DLAs. The security tracker currently lists 71 packages with a known CVE and the dla-needed.txt file has 65 packages needing an update. The number of paid contributors increased significantly, we are pleased to welcome our latest team members: Andreas R nnquist, Dominik George, Enrico Zini and Stefano Rivera. It is worth pointing out that we are getting close to the end of the LTS period for Debian 9. After June 30th, no new security updates will be made available on security.debian.org. We are preparing to overtake Debian 10 Buster for the next two years and to make this process as smooth as possible. But Freexian and its team of paid Debian contributors will continue to maintain Debian 9 going forward for the customers of the Extended LTS offer. If you have Debian 9 servers to keep secure, it s time to subscribe! You might not have noticed, but Freexian formalized a mission statement where we explain that our purpose is to help improve Debian. For this, we want to fund work time for the Debian developers that recently joined Freexian as collaborators. The Extended LTS and the PHP LTS offers are built following a model that will help us to achieve this if we manage to have enough customers for those offers. So consider subscribing: you help your organization but you also help Debian! Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 81 months)
  • GitHub (for 72 months)
  • Civil Infrastructure Platform (CIP) (for 49 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 92 months)
  • Linode (for 86 months)
  • Babiel GmbH (for 75 months)
  • Plat Home (for 75 months)
  • University of Oxford (for 31 months)
  • Deveryware (for 18 months)
  • VyOS Inc (for 13 months)
  • EDF SA
• Silver sponsors:
  • The Positive Internet Company (for 97 months)
  • Domeneshop AS (for 96 months)
  • Nantes M tropole (for 90 months)
  • Univention GmbH (for 82 months)
  • Universit Jean Monnet de St Etienne (for 82 months)
  • Ribbon Communications, Inc. (for 76 months)
  • Exonet B.V. (for 66 months)
  • Leibniz Rechenzentrum (for 60 months)
  • CINECA (for 49 months)
  • Minist re de l Europe et des Affaires trang res (for 43 months)
  • Cloudways Ltd (for 33 months)
  • Dinahosting SL (for 31 months)
  • Bauer Xcel Media Deutschland KG (for 25 months)
  • Platform.sh (for 25 months)
  • Moxa Intelligence Co., Ltd. (for 19 months)
  • sipgate GmbH (for 16 months)
  • OVH US LLC (for 14 months)
  • Tilburg University (for 14 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 6 months)
  • Telecats BV (for 4 months)
  • Soliton Systems K.K. (for 3 months)
• Bronze sponsors:
  • Evolix (for 97 months)
  • Seznam.cz, a.s. (for 97 months)
  • Intevation GmbH (for 94 months)
  • Linuxhotel GmbH (for 94 months)
  • Daevel SARL (for 92 months)
  • Bitfolk LTD (for 91 months)
  • Megaspace Internet Services GmbH (for 91 months)
  • Greenbone Networks GmbH (for 90 months)
  • NUMLOG (for 90 months)
  • WinGo AG (for 90 months)
  • Ecole Centrale de Nantes LHEEA (for 86 months)
  • Entr ouvert (for 81 months)
  • Adfinis AG (for 78 months)
  • GNI MEDIA (for 73 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 73 months)
  • Tesorion (for 73 months)
  • Bearstech (for 64 months)
  • LiHAS (for 64 months)
  • People Doc (for 61 months)
  • Catalyst IT Ltd (for 59 months)
  • Supagro (for 54 months)
  • Demarcq SAS (for 53 months)
  • Universit Grenoble Alpes (for 39 months)
  • TouchWeb SAS (for 31 months)
  • SPiN AG (for 28 months)
  • CoreFiling (for 23 months)
  • Institut des sciences cognitives Marc Jeannerod (for 18 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 15 months)
  • Tem Innovations GmbH (for 10 months)
  • WordFinder.pro (for 9 months)
  • CNRS DT INSU R sif (for 8 months)
  • Alter Way

Like each month, have a look at the work funded by Freexian s Debian LTS offering. Debian project funding Two projects are currently in the pipeline: Gradle enterprise and Tryton update. Progress is quite slow on the Gradle one, there are technical difficulties. The tryton one was stalled because the developer had not enough time but seems to progress smoothly in the last weeks. In April, we put aside 2635 EUR to fund Debian projects. We re looking forward to receive more projects from various Debian teams! Learn more about the rationale behind this initiative in this article. Debian LTS contributors In April, 11 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 14h out of 14h assigned
• Anton Gladky did 20h out of 20h assigned
• Ben Hutchings did 11h out of 16h assigned and 8h from March, thus carrying over 13h to May
• Chris Lamb did 18h out of 18h assigned
• Emilio Pozuelo Monfort did 18h (out of 53.25h assigned), thus carrying over 35.25h to May
• Jeremiah Foster did 9.5h out of 13.5h assigned, thus carrying over 4h to May
• Markus Koschany did 40 out of 40h assigned
• Roberto C. S nchez did 18h carried out from March
• Sylvain Beucler did 20h out of 14.5h assigned and 25.5h from March, thus carrying over 20h to May
• Thorsten Alteholz did 40h out of 40h assigned
• Utkarsh Gupta did 23.25h out of 51.5h assigned and 1.75h from March, thus carrying over 30h to May

Evolution of the situation In April we released 30 DLAs and we were glad to welcome a new customer with Alter Way. The security tracker currently lists 72 packages with a known CVE and the dla-needed.txt file has 71 packages needing an update. It is worth pointing out that we are getting close to the end of the LTS period for Debian 9. After June 30th, no new security updates will be made available on security.debian.org. But Freexian and its team of paid Debian contributors will continue to maintain Debian 9 going forward for the customers of the Extended LTS offer. If you have Debian 9 servers to keep secure, it s time to subscribe! You might not have noticed, but Freexian formalized a mission statement where we explain that our purpose is to help improve Debian. For this, we want to fund work time for the Debian developers that recently joined Freexian as collaborators. The Extended LTS and the PHP LTS offers are built following a model that will help us to achieve this if we manage to have enough customers for those offers. So consider subscribing: you help your organization but you also help Debian! Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 80 months)
  • GitHub (for 71 months)
  • Civil Infrastructure Platform (CIP) (for 48 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 91 months)
  • Linode (for 85 months)
  • Babiel GmbH (for 75 months)
  • Plat Home (for 74 months)
  • University of Oxford (for 30 months)
  • Deveryware (for 17 months)
  • VyOS Inc (for 12 months)
  • EDF SA
• Silver sponsors:
  • The Positive Internet Company (for 97 months)
  • Domeneshop AS (for 96 months)
  • Nantes M tropole (for 90 months)
  • Universit Jean Monnet de St Etienne (for 82 months)
  • Univention GmbH (for 81 months)
  • Ribbon Communications, Inc. (for 75 months)
  • Exonet B.V. (for 65 months)
  • Leibniz Rechenzentrum (for 59 months)
  • CINECA (for 49 months)
  • Minist re de l Europe et des Affaires trang res (for 43 months)
  • Cloudways Ltd (for 32 months)
  • Dinahosting SL (for 30 months)
  • Bauer Xcel Media Deutschland KG (for 24 months)
  • Platform.sh (for 24 months)
  • Moxa Intelligence Co., Ltd. (for 18 months)
  • sipgate GmbH (for 15 months)
  • Tilburg University (for 14 months)
  • OVH US LLC (for 13 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 5 months)
  • Telecats BV (for 3 months)
  • Soliton Systems K.K.
• Bronze sponsors:
  • Evolix (for 96 months)
  • Seznam.cz, a.s. (for 96 months)
  • Intevation GmbH (for 93 months)
  • Linuxhotel GmbH (for 93 months)
  • Daevel SARL (for 92 months)
  • Bitfolk LTD (for 91 months)
  • Megaspace Internet Services GmbH (for 91 months)
  • Greenbone Networks GmbH (for 90 months)
  • NUMLOG (for 90 months)
  • WinGo AG (for 89 months)
  • Ecole Centrale de Nantes LHEEA (for 85 months)
  • Entr ouvert (for 80 months)
  • Adfinis AG (for 78 months)
  • GNI MEDIA (for 72 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 72 months)
  • Tesorion (for 72 months)
  • Bearstech (for 64 months)
  • LiHAS (for 64 months)
  • People Doc (for 60 months)
  • Catalyst IT Ltd (for 58 months)
  • Supagro (for 54 months)
  • Demarcq SAS (for 52 months)
  • Universit Grenoble Alpes (for 38 months)
  • TouchWeb SAS (for 30 months)
  • SPiN AG (for 27 months)
  • CoreFiling (for 23 months)
  • Institut des sciences cognitives Marc Jeannerod (for 17 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 14 months)
  • Tem Innovations GmbH (for 9 months)
  • WordFinder.pro (for 8 months)
  • CNRS DT INSU R sif (for 7 months)
  • Alter Way

Here s my (thirty-first) monthly but brief update about the activities I ve done in the F/L/OSS world.

Debian

This was my 40th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas 19! \o/ There s a bunch of things I did this month but mostly non-technical, now that DC22 is around the corner. Here are the things I did:

Debian Uploads

• Helped Andrius w/ FTBFS for php-text-captcha, reported via #977403.
  • I fixed the samed in Ubuntu a couple of months ago and they copied over the patch here.

Other $things:

• Volunteering for DC22 Content team.
• Leading the Bursary team w/ Paulo.
• Answering a bunch of questions of referees and attendees around bursary.
• Being an AM for Arun Kumar, process #1024.
• Mentoring for newcomers.
• Moderation of -project mailing list.

---

Ubuntu

This was my 15th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/ I mostly worked on different things, I guess. I was too lazy to maintain a list of things I worked on so there s no concrete list atm. Maybe I ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support). This was my thirty-first month as a Debian LTS and twentieth month as a Debian ELTS paid contributor.
I worked for 23.25 hours for LTS and 20.00 hours for ELTS.

LTS CVE Fixes and Announcements:

• Issued DLA 2976-1, fixing CVE-2022-1271, for gzip.
  For Debian 9 stretch, these problems have been fixed in version 1.6-5+deb9u1.
• Issued DLA 2977-1, fixing CVE-2022-1271, for xz-utils.
  For Debian 9 stretch, these problems have been fixed in version 5.2.2-1.2+deb9u1.
• Working on src:tiff and src:mbedtls to fix the issues, still waiting for more issues to be reported, though.
• Looking at src:mutt CVEs. Haven t had the time to complete but shall roll out next month.

ELTS CVE Fixes and Announcements:

• Issued ELA 593-1, fixing CVE-2022-1271, for gzip.
  For Debian 8 jessie, these problems have been fixed in version 1.6-4+deb8u1.
• Issued ELA 594-1, fixing CVE-2022-1271, for xz-utils.
  For Debian 8 jessie, these problems have been fixed in version 5.1.1alpha+20120614-2+deb8u1.
• Issued ELA 598-1, fixing CVE-2019-16935, CVE-2021-3177, and CVE-2021-4189, for python2.7.
  For Debian 8 jessie, these problems have been fixed in version 2.7.9-2-ds1-1+deb8u9.
• Working on src:tiff and src:beep to fix the issues, still waiting for more issues to be reported for src:tiff and src:beep is a bit of a PITA, though. :)

Other (E)LTS Work:

• Triaged gzip, xz-utils, tiff, beep, python2.7, python-django, and libgit2,
• Signed up to be a Freexian Collaborator! \o/
• Read through some bits around that.
• Helped and assisted new contributors joining Freexian.
• Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
• General and other discussions on LTS private and public mailing list.
• Attended monthly Debian meeting. Held on Jitsi this month.

Debian LTS Survey I ve spent 18 hours on the LTS survey on the following bits:

• Rolled out the announcement. Started the survey.
• Answered a bunch of queries, people asked via e-mail.
• Looked at another bunch of tickets: https://salsa.debian.org/freexian-team/project-funding/-/issues/23.
• Sent a reminder and fixed a few things here and there.
• Gave a status update during the meeting.
• Extended the duration of the survey.

---

Until next time.
:wq for today.

Every month we review the work funded by Freexian s Debian LTS offering. Please find the report for February below. Debian project funding

• In February Rapha l and the LTS worked on a survey of Debian developers meant to solicit ideas for improvements in the Debian project at large. You can see the results of the initial discussion here in the list of ideas of which there are already over 30.
• The full survey is due to be emailed to Debian Developers shortly.
• In February 2250 was put aside to fund Debian projects.

Debian LTS contributors In February, 12 contributors were paid to work on Debian LTS, their reports are available below. If you re interested in participating in the LTS or ELTS teams, we welcome participation from the Debian community. Simply get in touch with Jeremiah or Rapha l if you are if you are interested in participating.

• Abhijith PA did 10h out of 10h available.
• Anton Gladky did 20h out of 20h available.
• Ben Hutchings did 16h out of 16h available.
• Chris Lamb did 18h out of 18h available.
• Emilio Pozuelo Monfort did 42.75h out of 42.75h available.
• Jeremiah Foster worked 20 hours out of 20 available on LTS administration and 2.9 hours on funded projects.
• Markus Koschany did 30h (out of 40h available), thus carrying over 10h to March.
• Roberto C. S nchez did 12h out of 12h available.
• Sylvain Beucler did 13h (out of 40h available), thus carrying over 27h to March.
• Thorsten Alteholz did 40h out of 40h available.
• Utkarsh Gupta did 15.75h (out of 42.75h available), thus carrying over 27h to March.

Evolution of the situation In February we released 24 DLAs. The security tracker currently lists 61 packages with a known CVE and the dla-needed.txt file has 26 packages needing an update. You can find out more about the Debian LTS project via the following video:

Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 78 months)
  • GitHub (for 68 months)
  • Civil Infrastructure Platform (CIP) (for 46 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 89 months)
  • Linode (for 83 months)
  • Babiel GmbH (for 72 months)
  • Plat Home (for 71 months)
  • University of Oxford (for 28 months)
  • Deveryware (for 15 months)
  • VyOS Inc (for 10 months)
• Silver sponsors:
  • The Positive Internet Company (for 94 months)
  • Domeneshop AS (for 93 months)
  • Nantes M tropole (for 87 months)
  • Univention GmbH (for 79 months)
  • Universit Jean Monnet de St Etienne (for 79 months)
  • Ribbon Communications, Inc. (for 73 months)
  • Exonet B.V. (for 63 months)
  • Leibniz Rechenzentrum (for 57 months)
  • CINECA (for 46 months)
  • Minist re de l Europe et des Affaires trang res (for 40 months)
  • Cloudways Ltd (for 29 months)
  • Dinahosting SL (for 27 months)
  • Platform.sh (for 22 months)
  • Bauer Xcel Media Deutschland KG (for 21 months)
  • Moxa Intelligence Co., Ltd. (for 16 months)
  • sipgate GmbH (for 13 months)
  • OVH US LLC (for 11 months)
  • Tilburg University (for 11 months)
  • GSI Helmholtzzentrum f r Schwerionenforschung GmbH
  • Telecats BV
  • Soliton Systems K.K.
• Bronze sponsors:
  • Evolix (for 94 months)
  • Seznam.cz, a.s. (for 94 months)
  • Linuxhotel GmbH (for 91 months)
  • Intevation GmbH (for 90 months)
  • Daevel SARL (for 89 months)
  • Bitfolk LTD (for 88 months)
  • Megaspace Internet Services GmbH (for 88 months)
  • Greenbone Networks GmbH (for 87 months)
  • NUMLOG (for 87 months)
  • WinGo AG (for 86 months)
  • Ecole Centrale de Nantes LHEEA (for 83 months)
  • Entr ouvert (for 78 months)
  • Adfinis AG (for 75 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 70 months)
  • Tesorion (for 70 months)
  • GNI MEDIA (for 69 months)
  • Bearstech (for 61 months)
  • LiHAS (for 61 months)
  • People Doc (for 57 months)
  • Catalyst IT Ltd (for 56 months)
  • Supagro (for 51 months)
  • Demarcq SAS (for 50 months)
  • Universit Grenoble Alpes (for 36 months)
  • TouchWeb SAS (for 28 months)
  • SPiN AG (for 24 months)
  • CoreFiling (for 20 months)
  • Institut des sciences cognitives Marc Jeannerod (for 15 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 11 months)
  • Tem Innovations GmbH (for 6 months)
  • WordFinder.pro (for 6 months)
  • CNRS DT INSU R sif (for 4 months)

Here s my (twenty-ninth) monthly but brief update about the activities I ve done in the F/L/OSS world.

Debian

This was my 38th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas 19! \o/ I had been sick this month, so most of the time I spent away from system, recovering, et al, and also went through the huge backlog that I had, which is starting to get smaller. :D Anyway, I did the following stuff in Debian:

Uploads and bug fixes:

• at (3.4.4-1) - Adding a DEP8 test for the package, fixing bug #985421.

Other $things:

• Mentoring for newcomers.
• Moderation of -project mailing list.

---

Ubuntu

This was my 13th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/ I mostly worked on different things, I guess. I was too lazy to maintain a list of things I worked on so there s no concrete list atm. Maybe I ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support). This was my twenty-ninth month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.
Whilst I was assigned 42.75 hours for LTS and 45.25 hours for ELTS, I could only work a little due to being sick and so I spent 15.75 hours on LTS and 9.25 hours on ELTS and worked on the following things:

LTS CVE Fixes and Announcements:

• Issued DLA 2909-1, fixing CVE-2021-45079, for strongswan.
  For Debian 9 stretch, these problems have been fixed in version 5.5.1-4+deb9u6.
• Issued DLA 2912-1, fixing CVE-2021-3850, for libphp-adodb.
  For Debian 9 stretch, these problems have been fixed in version 5.20.9-1+deb9u1.
• Issued DLA 2913-1, fixing CVE-2022-24130, for xterm.
  For Debian 9 stretch, these problems have been fixed in version 327-2+deb9u2.
• Issued DLA 2918-1, fixing CVE-2021-20001, for debian-edu-config.
  For Debian 9 stretch, these problems have been fixed in version 1.929+deb9u5.
• Simultaneously, I ve been working on the python* update but couldn t complete due to illness.

ELTS CVE Fixes and Announcements:

• Issued ELA 559-1, fixing CVE-2018-6561, CVE-2020-4051, and CVE-2021-23450, for dojo.
  For Debian 8 jessie, these problems have been fixed in version 1.10.2+dfsg-1+deb8u4.
• Issued ELA 560-1, fixing CVE-2021-3850, for libphp-adodb.
  For Debian 8 jessie, these problems have been fixed in version 5.15-1+deb8u2.
• Issued ELA 561-1, fixing CVE-2022-24130, for xterm.
  For Debian 8 jessie, these problems have been fixed in version 312-2+deb8u4.
• Also looking at python2.7 and python3.4 updates for jessie but couldn t complete due to illness.

Other (E)LTS Work:

• Triaged xterm, dojo, strongswan, debian-edu-config, libphp-adodb, and libgit2,
• Read through the logs of the monthly Debian LTS meeting.
• Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
• General and other discussions on LTS private and public mailing list.

Debian LTS Survey I ve spent 10 hours on the LTS survey on the following bits:
(and 5 hours of the last month that I m going to invoice this month)

• Put most of the content in the instance according to the question type.
• Been going back and forth updating the status of the survey on the issue.
• Trying to find a way to send to DDs - discussing with DPL, Raphael, and other people on the issue itself.
• Completing the last bits to start the survey for the paid contributors, at least. Talking to Jeremiah about this.

---

Until next time.
:wq for today.

Here s my (twenty-seventh) monthly but brief update about the activities I ve done in the F/L/OSS world.

Debian

This was my 36th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas 19! \o/ Just churning through the backlog again this month. Ugh. Anyway, I did the following stuff in Debian:

Uploads and bug fixes:

• ruby2.7 (2.7.5-1) - New upstream version fixing 3 new CVEs.

Other $things:

• Mentoring for newcomers.
• Moderation of -project mailing list.

---

Ubuntu

This was my 11th month of actively contributing to Ubuntu. Now that I ve joined Canonical to work on Ubuntu full-time, there s a bunch of things I do! \o/ I mostly worked on different things, I guess. I was too lazy to maintain a list of things I worked on so there s no concrete list atm. Maybe I ll get back to this section later or will start to list stuff from next year onward, as I was doing before. :D

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support). This was my twenty-seventh month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.
I was assigned 40.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:
(since I had a 3-week vacation, I wanted to wrap things up that were pending and so I worked for 20h more for LTS, which I ll compensate the next month!)

LTS CVE Fixes and Announcements:

• Issued DLA 2844-1, fixing CVE-2021-44540 and CVE-2021-44543, for privoxy.
  For Debian 9 stretch, these problems have been fixed in version 3.0.26-3+deb9u3.
• Issued DLA 2847-1, fixing CVE-2021-44858, for mediawiki.
  For Debian 9 stretch, these problems have been fixed in version 1:1.27.7-1+deb9u11.
• Issued DLA 2853-1, fixing CVE-2021-41817 and CVE-2021-41819, for ruby2.3.
  For Debian 9 stretch, these problems have been fixed in version 2.3.3-1+deb9u11.
• Issued DLA 2854-1, fixing CVE-2017-18635, for novnc.
  For Debian 9 stretch, these problems have been fixed in version 1:0.4+dfsg+1+20131010+gitf68af8af3d-6+deb9u1.
• Issued DLA 2860-1, fixing CVE-2018-7750 and CVE-2018-1000805, for paramiko.
  For Debian 9 stretch, these problems have been fixed in version 2.0.0-1+deb9u1.
• Issued DLA 2862-1, fixing CVE-2018-12020 and CVE-2019-6690, for python-gnupg.
  For Debian 9 stretch, these problems have been fixed in version 0.3.9-1+deb9u1.
• Issued DLA 2864-1, fixing CVE-2017-1002201, for ruby-haml.
  For Debian 9 stretch, these problems have been fixed in version 4.0.7-1+deb9u1.
• Issued DLA 2871-1, fixing CVE-2021-43818, for lxml.
  For Debian 9 stretch, these problems have been fixed in version 3.7.1-1+deb9u5.
• Simultaneously, I ve been working on rolling the samba update. Should happen the next month.

ELTS CVE Fixes and Announcements:

• Issued ELA 525-2, fixing CVE-2021-43527, for nss.
  For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u15.
• Issued ELA 530-1, for systemd.
  For Debian 8 jessie, these problems have been fixed in version 215-17+deb8u14.
• Issued ELA 531-1, fixing CVE-2021-41817 and CVE-2021-41819, for ruby2.1.
  For Debian 8 jessie, these problems have been fixed in version 2.1.5-2+deb8u13.
• Issued ELA 533-1, fixing CVE-2018-12020, for python-gnupg.
  For Debian 8 jessie, these problems have been fixed in version 0.3.6-1+deb8u2.
• Issued ELA 536-1, fixing CVE-2021-43818, for lxml.
  For Debian 8 jessie, these problems have been fixed in version Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain.
• Started working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.
  The version difference b/w the suites are a bit too much for the patch(es) to be easily backported. I ve talked to Anton to work something out. \o/
• Found the problem w/ libjdom1-java. Will have to roll the regression upload.
  I ve prepared the patch but needs some testing to be finally rolled out. Same for stretch.

Other (E)LTS Work:

• Front-desk duty from 29-11 to 05-12 and 20-12 to 26-12 for both LTS and ELTS.
• Triaged ffmpeg, git, gpac, inetutils, mc, modsecurity-crs, node-object-path, php-pear, systemd-cron, node-tar, ruby2.3, gst-plugins-bad0.10, npm, nltk, request-tracker4, ros-ros-comm, mediawiki, ruby2.1, ckeditor, ntfs-3g, tiff, wordpress, and jsoup, udisks2, libgit2, python3.5, python3.4, and openssh.
• Mark CVE-2021-38171/ffmpeg as postponed for stretch.
• Mark CVE-2021-40330/git as no-dsa for stretch and jessie.
• Mark CVE-2020-19481/gpac as ignored for stretch.
• Mark CVE-2021-40491/inetutils as no-dsa for stretch.
• Mark CVE-2021-36370/mc as no-dsa for stretch and jessie.
• Mark CVE-2021-35368/modsecurity-crs as no-dsa for stretch.
• Mark CVE-2021-23434/node-object-path as end-of-life for stretch.
• Mark CVE-2021-32610/php-pear as no-dsa for stretch.
• Mark CVE-2017-9525/systemd-cron as no-dsa for stretch.
• Mark CVE-2021-37701/node-tar as end-of-life for stretch.
• Mark CVE-2021-37712/node-tar as end-of-life in stretch.
• Mark CVE-2021-39201/wordpress as not-affected for jessie.
• Mark CVE-2020-19143/tiff as not-affected for stretch and jessie.
• Mark CVE-2021-38562/request-tracker4 as no-dsa for stretch.
• Mark CVE-2021-37146/ros-ros-comm as no-dsa for stretch.
• Mark CVE-2021-28965/ruby2.1 as ignored for jessie.
• Mark CVE-2021-37714/jsoup as ignored for jessie.
• Mark CVE-2021-41617/openssh as no-dsa for jessie.
• Auto EOL ed ardour, nltk, request-tracker4, python-scrapy, webkit2gtk, and linux for jessie.
• Attended monthly Debian LTS meeting.
• Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
• General and other discussions on LTS private and public mailing list.

Debian LTS Survey I ve spent 5 hours on the LTS survey on the following bits:

• Went through the old content on the previous survey.
• Reviewed the new content - still more work to do.
• Discussed the survey bits in the team meeting.
• Partly reviewing the questions of the survey.
• Walking through the instance to find the doability of the tasks discussed in the meeting.
• Segregating and staging questions. More work to do here.

---

Until next time.
:wq for today.

Every month we review the work funded by Freexian s Debian LTS offering. Please find the report for November below. Debian project funding

• Our project funding work continues with an active bid on the work of packaging a recent gradle in Debian. This month the bidder has been estimating the scope of the entire project.
• The Grow Your Ideas project page also has some ambitious initiatives that may evolve into a funded project. The project ideas on that page range from a new wiki for Debian, a more efficient reimbursement process, and the implementation of PPAs for Debian.
• In November 2625 was put aside to fund Debian projects.

We continue to looking forward to hearing about Debian project proposals from various Debian stakeholders. This month has seen work on a survey that will go out to Debian Developers to gather feedback on what they think should be the priorities for funding in the project. Learn more about the rationale behind this initiative in this article. Debian LTS contributors In November 13 contributors were paid to work on Debian LTS, their reports are available below. If you re interested in participating in the LTS or ELTS teams, we welcome participation from the Debian community. Simply get in touch with Jeremiah if you are interested in participating.

• Adrian Bunk did 62h out of 56h assigned for November and 6h from October.
• Anton Gladky did 12h out of 12h assigned.
• Ben Hutchings did 20h (out of 16h available, thus anticipating 4h from December).
• Chris Lamb did 18h out of 18h assigned.
• Holger Levsen gave back 3h (out of 3h assigned).
• Jeremiah Foster is coordinating/managing the LTS team did 29h (out of 10h assigned and 10h from October for LTS administration), and spent 9 hours on Projects funded directly through the project funding program.
• Lee Garrett did 9 hours out 60 assigned and carried over 51h into December
• Markus Koschany did 30h out of 30h assigned.
• Neil Williams did 1.5h (out of 11.5h assigned and 28.5h from October). He gave back the remaining hours.
• Roberto C. S nchez did 31.5h (out of 32h assigned), thus carrying over .5h to December.
• Sylvain Beucler did 21.5h (out of 62h assigned), thus carrying over 40.5h to December.
• Thorsten Alteholz did 40h (out of 40h assigned).
• Utkarsh Gupta did 30 (out of 40h assigned), thus carrying over 10h to December.

Evolution of the situation In November we released 31 DLAs. The security tracker currently lists 23 packages with a known CVE and the dla-needed.txt file has 16 packages needing an update. Thanks to our sponsors Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 75 months)
  • GitHub (for 65 months)
  • Civil Infrastructure Platform (CIP) (for 43 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 86 months)
  • Linode (for 80 months)
  • Babiel GmbH (for 69 months)
  • Plat Home (for 68 months)
  • University of Oxford (for 25 months)
  • Deveryware (for 12 months)
  • VyOS
• Silver sponsors:
  • The Positive Internet Company (for 91 months)
  • Domeneshop AS (for 90 months)
  • Nantes M tropole (for 84 months)
  • Univention GmbH (for 76 months)
  • Universit Jean Monnet de St Etienne (for 76 months)
  • Ribbon Communications, Inc. (for 70 months)
  • Exonet B.V. (for 59 months)
  • Leibniz Rechenzentrum (for 54 months)
  • CINECA (for 43 months)
  • Minist re de l Europe et des Affaires trang res (for 37 months)
  • Cloudways Ltd (for 26 months)
  • Dinahosting SL (for 24 months)
  • Platform.sh (for 19 months)
  • Bauer Xcel Media Deutschland KG (for 18 months)
  • Moxa Intelligence Co., Ltd. (for 13 months)
  • sipgate GmbH (for 10 months)
  • OVH US LLC (for 8 months)
  • Tilburg University (for 8 months)
• Bronze sponsors:
  • Evolix (for 91 months)
  • Seznam.cz, a.s. (for 91 months)
  • Linuxhotel GmbH (for 88 months)
  • Intevation GmbH (for 87 months)
  • Daevel SARL (for 86 months)
  • Bitfolk LTD (for 85 months)
  • Megaspace Internet Services GmbH (for 85 months)
  • Greenbone Networks GmbH (for 84 months)
  • NUMLOG (for 84 months)
  • WinGo AG (for 83 months)
  • Ecole Centrale de Nantes LHEEA (for 80 months)
  • Entr ouvert (for 75 months)
  • Adfinis AG (for 72 months)
  • Laboratoire LEGI UMR 5519 / CNRS (for 67 months)
  • Tesorion (for 67 months)
  • GNI MEDIA (for 66 months)
  • Bearstech (for 58 months)
  • LiHAS (for 58 months)
  • People Doc (for 54 months)
  • Catalyst IT Ltd (for 53 months)
  • Supagro (for 48 months)
  • Demarcq SAS (for 47 months)
  • Universit Grenoble Alpes (for 33 months)
  • TouchWeb SAS (for 25 months)
  • SPiN AG (for 21 months)
  • CoreFiling (for 17 months)
  • Institut des sciences cognitives Marc Jeannerod (for 12 months)
  • Observatoire des Sciences de l Univers de Grenoble (for 8 months)
  • Tem Innovations GmbH (for 3 months)
  • WordFinder.pro (for 3 months)
  • CNRS DT INSU R sif