Debian LTS work, February 2016
February marked the end of Debian 6.0 "squeeze" LTS, though there was some initial confusion (partly my fault) over which day of month it should end. I carried over 10 hours from January and was assigned another 11.25 hours of work by Freexian's Debian LTS initiative. I worked a total of 14 hours.
I started the month with "the final" update to the linux-2.6 kernel package (DLA-412-1), fixing 5 CVEs and incorporating upstream stable update 2.6.32.70. After it was agreed that support would continue to the end of the month, I made one more update on the last day (DLA-439-1), fixing 4 CVEs, a regression, and some issues I had found lacking CVEs (one is now CVE-2012-6701).
I helped to edit the end-of-life announcement for Squeeze LTS.
I spent a fairly quiet week in the front desk, triaging new issues for squeeze.
As I've volunteered to handle embargoed issues, I prepared security updates to libssh and libssh2 and issued them minutes after the public disclosure of the similarly disastrous CVE-2016-0739 and CVE-2016-0787 issues.