During the month of February 2026 and on behalf of Freexian, I worked on the
following:

roundcube
---------

Uploaded 1.4.15+dfsg.1-1+deb11u7 and issued DLA-4480-1.
https://lists.debian.org/msgid-search/?m=aZRWDjgJrtieQPMl@debian.org

* CVE-2026-25916: Remote image blocking bypass via SVG content.
* CVE-2026-26079: Insufficient CSS sanitation in text/html emails.

gnutls28
--------

Uploaded 3.7.1-5+deb11u9 and issued DLA-4492-1.
https://lists.debian.org/msgid-search/?m=aZ69HJugXyF6vnaD@debian.org

* CVE-2025-9820: Stack overflow during PKCS#11 token initialization.
* CVE-2025-14831: Denial of Service during verification of specially
  crafted certificates.

Also, uploaded 3.6.7-4+deb10u15 (buster) and 3.5.8-5+deb9u10 (stretch),
and issued ELA-1653-1 for the above vulnerabilities.
https://www.freexian.com/lts/extended/updates/ela-1653-1-gnutls28/

Thanks to the sponsors for financing the above, and to Freexian for
coordinating!

--
Guilhem.