LTS & ELTS Report for October 2022

In October I spent 5.5 hours on Debian LTS:

• Issuing a security updates for CVE-2022-37454, a buffer overflow in the reference SHA-3 implementation, XKCP in: pysha3 and python3.7.
• Updating distro-info-data in Debian LTS, to include Ubuntu 23.04, and make other corrections.

In October I spent 2 hours on Debian ELTS:

• Updating distro-info-data in Debian ELTS, which hadn't been updated in a long time.

During the month Freexian sponsored 20 hours of Debian time, which I spent on:

• Winding up DebConf 22 Accounting.
• Helping the DebConf 23 team to get set up their budget.
• Maintenance of dh-python: fixing a bug I introduced in handling dh_python3 -X, handling a wider range of PEP-440 version constraints in environment markers.
• Python Team package maintenance: unidecode, beets, python-discogs-client, git-filter-repo, hatchling, python-distro, lazr.restfulclient, python-launchpadlib.
• Debian Python team sponsorship: pmbootstrap
• Supporting the nodoc and nocheck build profiles in my key packages, to help the release team to reduce the size of the key package set: beautifulsoup4, configobj, dh-python, distro-info, distro-info-data, hatch-vcs, platformidrs, python-cachecontrol, python-cffi, python-flexmock, python-installer, python-launchpadlib, python-mitogen, python-pip, python-virtualenv, python-wadllib, python-webencodings, snowball, wheel.
• Supporting Python 3.11 in key packages where we had noticed problems: python-cffi, python-py, toolz, python-greenlet.
• Updating distro-info-data for the release of Ubuntu 22.10. Including an update for the next Debian stable point release.
• Dealing with CVE-2022-37454 in unstable, by patching pypy3. Patched python-opentimestamps to migrate off pysha3, so it could be removed from the archive, as it's no longer maintained upstream.
• Dealing with CVE-2022-37454 in stable, by patching pypy3 and pysha3.