--- title: My contributions to Debian - June 2026 date: 01 July, 2026 author: eamanu tags: new-blog, Debian, free-software --- # LTS ## postgresql - -13 Work on fix for CVE-2026-6637, CVE-2026-6479, CVE-2026-6478, CVE-2026-6477, CVE-2026-6475, CVE-2026-6474, CVE-2026-6473. - Work in several CVEs for bullseye. - -13 Release DLA-4646-1 to fix many CVEs. ## kr5 - Mark CVE-2026-40355 and CVE-2026-40356 as not-affected in Buster and Stretch ## beets - Sponsor beets 1.4.9-7+deb11u1 to fix CVE-2026-42052, kudos to Pieter Lenaerts . - Send DLA-4641-1. ## gdcm - Release DLA 4652-1 to fix: CVE-2024-22373, CVE-2024-22391, CVE-2024-25569, CVE-2025-11266, CVE-2025-48429, CVE-2025-52582, CVE-2025-53618, CVE-2025-53619 and CVE-2026-3650 ## bind9 - work on CVE-2026-5950, CVE-2026-5946, CVE-2026-3592 and CVE-20263039. ## libssh2 - Work on CVE-2026-58051, CVE-2026-58050, CVE-2026-7598 and CVE-2026-15661. Send patches to review # ELTS ## krb5 - Mark CVE-2026-40355 and CVE-2026-40356 as not affected in buster and stretch. - The NegoEx was introduced in 1.18 ## corosync - Release ELA-1746-1 to fix CVE-2026-35091 and CVE-2026-35092 for Buster an Stretch. ## python3 - .7 Work in several CVEs for buster. # Sponsor - beets: Prepare security to fix, it was uploaded to bullseye-security. Kudos to Pieter Lenaerts . - junit2html: Sponsor new upstream release, kudos to Gabriel Barrantes - junit2html: Sponsor new upstream release 31.1.4-1, kudos to Gabriel Barrantes - ubuntu: -snippets Sponsor backport to trixie 1.3~bpo13+1 , kudos to Thomas Ward # Debian Python Team ## python-pytest-asyncio - New upstream release 1.4.0. - Uploaded to unstable. ## asgi - -csrf Fix RC bug [#1133917] (https://bugs.debian.org/1133917). - Also send [patch](https://github.com/simonw/asgi-csrf/pull/39) to upstream. ## terminado - Fix RC bug [#1114403](https://bugs.debian.org/1114403). # Debian User Forums - forums - 2026-06-15: https://forums.debian.net/viewtopic.php?p=844834#p844834 - 2026-06-21: https://forums.debian.net/viewtopic.php?p=845106#p845106 - 2026-06-28: https://forums.debian.net/viewtopic.php?p=845414#p845414 # DFSG - Review rust-typos for DFSG, it was accepted. - Review rust-typos-dicwt for DFSG, it was accepted. - Review rust-varcon for DFSG, it was accepted. - Review rust-varcon-core for DFSG, it was accepted. - Review nocturne for DFSG, it was rejected. - Review rust-dictgen for DFSG, it was accepted. - Review rust-hidreport for DFSG, it was accepted. - Review rust-linkme for DFSG, it was accepted. - Review rust-varcon for DFSG, it was accepted. - Review gaphor for DFSG, it was accept. - Review nocturne for DFSG, it was accepted. - Review rust-platforms-dirs for DFSG, it was accepted. - Review ggml for DFSG, it was rejected. - Review rust-zerotrie for DFSG, it was accepted - Review rust-parlance for DFSG, it was accepted --- # Detailed logwork - 2: - krb5: Mark CVE-2026-40355 and CVE-2026-40356 as not affected in buster and stretch. This work is Sponsored by Freexian. - The NegoEx was introduced in 1.18 - 3: - python-pytest-asyncio: New upstream release 1.4.0. - Uploaded to unstable. - asgi: -csrf Fix RC bug [#1133917] (https://bugs.debian.org/1133917). - Also send [patch](https://github.com/simonw/asgi-csrf/pull/39) to upstream. - corosync: Release ELA-1746-1 to fix CVE-2026-35091 and CVE-2026-35092 for Buster an Stretch. This work is Sponsored by Freexian. - 6: - Review rust-typos for DFSG, it was accepted. - Review rust-typos-dicwt for DFSG, it was accepted. - Review rust-varcon for DFSG, it was accepted. - Review rust-varcon-core for DFSG, it was accepted. - Review nocturne for DFSG, it was rejected. - Review rust-dictgen for DFSG, it was rejected. - Review rust-dictgen for DFSG, it was accepted. - Review rust-hidreport for DFSG, it was accepted. - Review rust-linkme for DFSG, it was accepted. - 7: - Review rust-varcon for DFSG, it was accepted. - Review gaphor for DFSG, it was rejected. - 8: - terminado: Fix RC bug [#1114403](https://bugs.debian.org/1114403). - 15: - postgresql: -13 Work on fix for CVE-2026-6637, CVE-2026-6479, CVE-2026-6478, CVE-2026-6477, CVE-2026-6475, CVE-2026-6474, CVE-2026-6473. This work is Sponsored by Freexian. - Prepare security to fix, it was uploaded to bullseye-security. - Kudos to Pieter Lenaerts . - forums - Debian User Forums Best Threads of the Week - [2026-06-15](https://forums.debian.net/viewtopic.php?p=844834#p844834) - python3: .7 Work in several CVEs for buster. This work is Sponsored by Freexian. - 16: - Review gaphor for DFSG, it was accept. - Sponsor new upstream release, kudos to Gabriel Barrantes - 19: - postgresql: Work in several CVEs for bullseye. This work is Sponsored by Freexian. - 20: - Sponsor new upstream release 31.1.4-1, kudos to Gabriel Barrantes - -snippets Sponsor backport to trixie 1.3~bpo13+1 , kudos to Thomas Ward - 21: - kr5: Mark CVE-2026-40355 and CVE-2026-40356 as not-affected in Buster and Stretch This work is Sponsored by Freexian. - Debian User Forums Best Threads of the Week - [2026-06-21](https://forums.debian.net/viewtopic.php?p=845106#p845106) - 23: - beets: Sponsor beets 1.4.9-7+deb11u1 to fix CVE-2026-42052, kudos to Pieter Lenaerts . This work is Sponsored by Freexian. - Send DLA-4641-1. - 24: - postgresql: -13 Release DLA-4646-1 to fix many CVEs. This work is Sponsored by Freexian. - 26: - gdcm: Release DLA 4652-1 to fix: CVE-2024-22373, CVE-2024-22391, CVE-2024-25569, CVE-2025-11266, CVE-2025-48429, CVE-2025-52582, CVE-2025-53618, CVE-2025-53619 and CVE-2026-3650 This work is Sponsored by Freexian. - 27: - Review nocturne for DFSG, it was accepted. - Review rust-platforms-dirs for DFSG, it was rejected. - Review rust-platforms-dirs for DFSG, it was accepted. - Review ggml for DFSG, it was accepted. - Review ggml for DFSG, it was rejected. - Review rust-zerotrie for DFSG, it was accepted - Review rust-parlance for DFSG, it was accepted - 28: - Debian User Forums Best Threads of the Week - [2026-06-28](https://forums.debian.net/viewtopic.php?p=845414#p845414) - 29: - bind9: work on CVE-2026-5950, CVE-2026-5946, CVE-2026-3592 and CVE-20263039. This work is Sponsored by Freexian. - libssh2: Work on CVE-2026-58051. CVE-2026-58050, CVE-2026-7598 and CVE-2026-15661. Send patches to review. This work is Sponsored by Freexian.