LTS & ELTS Report for October 2022
In October I spent 5.5 hours on Debian LTS:
- Issuing a security updates for CVE-2022-37454, a buffer overflow in the reference SHA-3 implementation, XKCP in: pysha3 and python3.7.
- Updating distro-info-data in Debian LTS, to include Ubuntu 23.04, and make other corrections.
In October I spent 2 hours on Debian ELTS:
- Updating distro-info-data in Debian ELTS, which hadn't been updated in a long time.
During the month Freexian sponsored 20 hours of Debian time, which I spent on:
- Winding up DebConf 22 Accounting.
- Helping the DebConf 23 team to get set up their budget.
- Maintenance of dh-python: fixing a bug I introduced in handling dh_python3 -X, handling a wider range of PEP-440 version constraints in environment markers.
- Python Team package maintenance: unidecode, beets, python-discogs-client, git-filter-repo, hatchling, python-distro, lazr.restfulclient, python-launchpadlib.
- Debian Python team sponsorship: pmbootstrap
- Supporting the
nocheckbuild profiles in my key packages, to help the release team to reduce the size of the key package set: beautifulsoup4, configobj, dh-python, distro-info, distro-info-data, hatch-vcs, platformidrs, python-cachecontrol, python-cffi, python-flexmock, python-installer, python-launchpadlib, python-mitogen, python-pip, python-virtualenv, python-wadllib, python-webencodings, snowball, wheel.
- Supporting Python 3.11 in key packages where we had noticed problems: python-cffi, python-py, toolz, python-greenlet.
- Updating distro-info-data for the release of Ubuntu 22.10. Including an update for the next Debian stable point release.
- Dealing with CVE-2022-37454 in unstable, by patching pypy3. Patched python-opentimestamps to migrate off pysha3, so it could be removed from the archive, as it's no longer maintained upstream.
- Dealing with CVE-2022-37454 in stable, by patching pypy3 and pysha3.