Hi, here are some remarks about my work during last month. - python-tornado (ELTS / LTS / OSPU/SPU/DSA) I released ELA-1672-1 and DLA-4520-1 fixing CVE-2026-31958 and an issue without CVE (TEMP-1132367-86138D). I'm currently in contact with the security team on how to address these issues in Bookworm and Trixie because the DSA has not been released yet. They also informed me today of a possible regression they discovered in the DSA candidates that would also affect DLA 4461-1/ELA 1635-1/ELA 1654-1. - node-tar (ELTS / LTS / OSPU/SPU/DSA) I backported the required changes to fix the issues introduced by the fix for CVE-2026-23745. This also included backporting fixes for regressions and the newly discovered CVE-2026-29786 and CVE-2026-31802, and fixing the tests for CVE-2026-26960. The LTS/DLA candidate, adressing 6 CVEs, has already been uploaded to debusine.debian.net and is only awaiting the autopkgtest results. I have the DSA candidates almost ready for review as well. - python-aiohttp (LTS / OSPU/SPU) Slow progress due to the the previously mentioned tasks. - python-authlib (SPU) I got the OK for the SPU and uploaded the proposed update. I haven't heard back regarding the OSPU, though. - misc I was FD from March 9th to 15th. Thanks to Freexian and Freexian's sponsors for making these projects possible: https://www.freexian.com/lts/debian/#sponsors). Regards, Daniel
Attachment:
signature.asc
Description: This is a digitally signed message part