Debian LTS and ELTS report - April 2026

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS report - April 2026
From: Emmanuel Arias <eamanu@debian.org>
Date: Fri, 1 May 2026 13:07:08 -0300
Message-id: <[🔎] afTPrFG6JweCSGl0@debian>

Hello!

I've worked on the packages mentioned below, for Freexian LTS/ELTS [1].

Many thanks to Freexian and our sponsors [2] for providing this opportunity!

LTS

- libexif: I released DLA-4558-1 fixing CVE-2026-40386, CVE-2026-40385 and
  CVE-2026-32775. Also I created the backport for trixie and bookworm.
- pyasn1: I released DLA-4557-1 fixing CVE-2026-30922. Also I created the
  backport for trixie and bookworm.
- Work in python-flask-httpauth to fix CVE-2026-34531.
- Continue working in python-authlib to fix CVE-2026-27962, CVE-2026-28490 and
  CVE-2026-28498

ELTS

- Update python-gevent for (E)LTS team according to review. Preparing for
  upload.
- Working in pyasn1 to fix CVE-2026-30922 in buster.


[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors

-- 
cheers,
        Emmanuel Arias

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  eamanu@debian.org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: 13796755BBC72BB8ABE2AEB5 FA9DEC5DE11C63F1
 ⠈⠳⣄

Attachment: signature.asc
Description: PGP signature

Reply to:

Next by Date: E?LTS report
Next by thread: E?LTS report
Index(es):
- Date
- Thread