Hi, here are some remarks about my work last month. - snapcast (LTS) I've uploaded DLA 4252-1 fixing one CVE. I also attempted to get in contact with the maintainer to get the improved fix applied to Bookworm. - pytorch (LTS) I have prepped and tested multiple patches for pytorch. It is lacking behind upstream and multiple issue have not been fixed in Sid/Trixie yet. - u-boot (LTS/PU) Testing continued. PU is also still in the workings. - commons-vfs (PU) The PU has been approved and uploaded. - libcommons-lang-java/libcommons-lang3-java (LTS/ELTS) I have prepped updates to fix CVE-2025-48924 in ELTS and LTS and successfully tested them. There is some coordination necessary to fix them Sid/Trixie as well. - python-tornado (ELTS) I tried to find a solution to fix CVE-2025-47287 in Stretch as well. But tests keep failing. - mysql-connector-python (ELTS) I progressed slowly. However, due to it not being financially supported anymore, it has been decided that this package will be dropped by the end of July. - misc I looked into multiple packages and added my findings to the security tracker and our *-needed.txt files accordingly. I also attended Debconf and met with other members of the LTS team. Thanks to Freexian and Freexian's sponsors for making these projects possible: https://www.freexian.com/lts/debian/#sponsors). Regards, Daniel
Attachment:
signature.asc
Description: This is a digitally signed message part