Hi, here are some remarks about my work last month. - r-cran-gh (LTS / OSPU / SPU) Released DLA 4378-1 fixing CVE-2025-54956 and created OSPU (#1121357) and SPU (#1121384) uploads. - pytorch (LTS) Released DLA 4389-1 fixing CVE-2025-32434. However, there won't be any follow-ups as the package has no customer support right now (and the situation in Sid is tricky as well). - pagure (LTS / OSPU) Released DLA-4390-1 fixing 4 CVEs. Because Bookworm has the same upstream release version, I sent an OSPU proposal to the maintainer for review and learnt that the package is supposed to be removed from Bookworm due to its bad shape. I created an issue and proposed EOLing or backporting it for LTS. - python-mistralclient (LTS) / mistral-dashboard (LTS) Released DLA-4391-1 and DLA-4392-1 fixing CVE-2021-4472. - python-tornado (ELTS) Finally found a solution for Stretch and uploaded it. Due to some infrastructure related issues, the build seems to be stalled at the moment. The ELA will be released as soon as this problem has been resolved. - python-pip (LTS / OSPU) Started to work on fixing outstanding issues resolved by DLA-4348-1 in Bookworm as well. There further was a discussion opened by an LTS user requesting that the Bullseye version keeps Python 2 compatibility although Bullseye doesn't build modules for Python 2 anymore. The final conclusion was to deny that request. Thanks to Freexian and Freexian's sponsors for making these projects possible: https://www.freexian.com/lts/debian/#sponsors). Regards, Daniel
Attachment:
signature.asc
Description: This is a digitally signed message part