E?LTS report

To: debian-lts@lists.debian.org, debian-lts@lists.debian.org
Subject: E?LTS report
From: Bastien Roucaries <rouca@debian.org>
Date: Fri, 01 May 2026 19:06:28 +0200
Message-id: <[🔎] 3443159.44csPzL39Z@debian-ei>

I've worked during april on the below listed packages, for Freexian
LTS/ELTS [1]

Many thanks to Freexian and our sponsors [2] for providing this opportunity!

LTS
===

imagemagick
--------------------

I fixed the regresion of the previous month on i386 that was due to:
- a FPU format bug
- another format problem

I Prepare a bookworm release and DSA-6210-1 was released

I Release bullseye DLA-4539-1 fixing CVE-2026-25971, CVE-2026-25985, CVE-2026-26284, CVE-2026-26983, CVE-2026-28494, 
CVE-2026-28686, CVE-2026-28687, CVE-2026-28688, CVE-2026-28689, CVE-2026-28690, CVE-2026-28691, CVE-2026-28692, 
CVE-2026-28693, CVE-2026-30883, CVE-2026-30936, CVE-2026-30937, CVE-2026-31853, CVE-2026-32259, CVE-2026-32636, 
CVE-2026-33535, CVE-2026-33536

I release buster ELA-1690-1 CVE-2026-25971 CVE-2026-25985 CVE-2026-26284 CVE-2026-26983 CVE-2026-28494 
CVE-2026-28687 CVE-2026-28688 CVE-2026-28689 CVE-2026-28690 CVE-2026-28691 CVE-2026-28692 CVE-2026-28693
 CVE-2026-30883 CVE-2026-30936 CVE-2026-30937 CVE-2026-31853 CVE-2026-32259 CVE-2026-32636
CVE-2026-33535 CVE-2026-33536

I fix stretch. Release ELA-1696-1 fixing CVE-2026-25985 CVE-2026-26284 CVE-2026-26983 CVE-2026-28494 CVE-2026-28686
 CVE-2026-28689 CVE-2026-28690 CVE-2026-28691 CVE-2026-28692 CVE-2026-28693 CVE-2026-30883 
CVE-2026-30936 CVE-2026-30937 CVE-2026-31853 CVE-2026-32259 CVE-2026-32636 
CVE-2026-33535 CVE-2026-33536

I fix trixie fixing CVE-2026-32636 CVE-2026-33535 CVE-2026-33536 CVE-2026-33899 
CVE-2026-33900 CVE-2026-33901 CVE-2026-33902 CVE-2026-33905   CVE-2026-33908 CVE-2026-34238
CVE-2026-40169 CVE-2026-40183    CVE-2026-40310 CVE-2026-40311 CVE-2026-40312
DSA 6240-1 was released

I fixed bookworm and DSA is on the way

gpsd
--------

I upload a PU for bookworm
Fix CVE-2025-67268 (Closes: #1124800)
and Fix CVE-2025-67269 (Closes: #1124799).

apache2
------------

I Upload of PU for bookworm fixing a regression. This PU was not yet accepted

netty
-------

triage recent CVEs
Fix CVE-2026-33871

bind9
--------

finalize fix for buster
Fix CVE-2026-1519 for bullseye
Fix CVE-2025-8677 for buster

nghttp2
------------

Review fix for CVE-2026-27135


Other
=====

I attend monthly meeting
I was also FD


Cheers

rouca

[1]  https://www.freexian.com/lts/
[2]  https://www.freexian.com/lts/debian/#sponsors

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: Debian LTS and ELTS report - April 2026
Next by Date: Debian LTS and ELTS report for April 2026
Previous by thread: Debian LTS and ELTS report - April 2026
Next by thread: Debian LTS and ELTS report for April 2026
Index(es):
- Date
- Thread