FOSS Activites in January 2023

Here’s my (fortieth) monthly but brief update about the activities I’ve done in the F/L/OSS world.


This was my 49th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

There’s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:


  • redmine (5.0.4-1) - Fixing bug #1022818, #1026048, and #1027340.
  • libyang2 (2.1.30-2) - Adding DEP8 test for yangre.


  • Proposed tomcat9 bullseye -pu via 9.0.43-2~deb11u5.
  • Helped Otto with review of mariadb from NEW.
  • Sponsored php-font-lib for William.
  • Advocated William for becoming DD, uploading.
  • Granted some DM rights.
  • Mentoring for newcomers.
  • Reviewed libgit2 bits, new uploads and changes.
  • Moderation of -project mailing list.

A huge thanks to Freexian for sponsoring my Debian work. :D


This was my 24th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

I mostly worked on different things, I guess.

I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

And Debian Extended LTS (ELTS) is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).

This was my fortieth month as a Debian LTS and thirty-first month as a Debian ELTS paid contributor.
I worked for 43.25 hours for LTS and 25.00 hours for ELTS.

LTS CVE Fixes and Announcements:

ELTS CVE Fixes and Announcements:

Other (E)LTS Work:

  • Triaged node-moment, modsecurity-apache, ruby-git, ruby-sinatra, gpac, cargo, git, openjdk-11, swift, libxpm, lilypond, openjdk-8, modsecurity, netdata, nim, rust-cargo, sgt-puzzles, apache2, wireshark, libhtml-stripscripts-perl, redis, tomcat8, tiff, ruby-rack, tmux, ruby-rack, ruby-sidekiq, libapache2-mod-auth-mellon, jupyter-core, net-snmp, and rabbitmq-server.
  • Marked CVE-2023-{0358,2314{3-5}}/gpac as EOL for buster.
  • Marked CVE-2022-46176/cargo as no-dsa in buster.
  • Marked CVE-2022-4{4617,6285,883}/libxpm as no-dsa for buster, stretch, and jessie.
  • Marked CVE-2020-17354/lilypond as ignored for buster.
  • Marked CVE-2022-48279/modsecurity as no-dsa for buster.
  • Marked CVE-2023-2249{6,7}/netdata as no-dsa for buster.
  • Marked CVE-2021-46872/nim as no-dsa for buster.
  • Marked CVE-2022-46176/rust-cargo as no-dsa in buster.
  • Marked TEMP-1028986-7037E6/sgt-puzzles as no-dsa for buster.
  • Marked CVE-2006-20001 and CVE-2022-3{6760,7436}/apache2 as postponed for stretch and jessie.
  • Marked CVE-2023-22458/redis as not-affected for stretch and jessie.
  • Marked CVE-2022-45143/tomcat8 as postponed for stretch and jessie.
  • Marked CVE-2022-44572/ruby-rack as not-affected for stretch.
  • Marked CVE-2022-47950/swift as not-affected for stretch.
  • Auto EOL’d node-debug, nim, netty, ruby-git, firefox-esr, linux, swift, radare2, gpac, virtualbox, shiro, sgt-puzzles, pdns-recursor, sofia-sip, libgit2, wireshark, amanda, libhtml-stripscripts-perl, pkgconf, libapache-session-ldap-perl, golang-yaml.v2, nvidia-graphics-drivers, xen, rails, ruby-rack, assimp, thunderbird, cinder, glance, nova, editorconfig-core, chromium, ruby-globalid, spip, opusfile, pgpool2, and ruby-sanitize.
  • Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
  • Participated and helped fellow members with their queries via private mail and chat.
  • General and other discussions on LTS private and public mailing list.
  • Attended the monthly LTS meeting.

Until next time.
:wq for today.