My contribution to Debian - April 2026

I’ve worked on the packages mentioned below, for Freexian LTS/ELTS .

Many thanks to Freexian and our sponsors for providing this opportunity!

LTS

• libexif: I released DLA-4558-1 fixing CVE-2026-40386, CVE-2026-40385 and CVE-2026-32775. Also I created the backport for trixie and bookworm.

• pyasn1: I released DLA-4557-1 fixing CVE-2026-30922. Also I created the backport for trixie and bookworm.

• Work in python-flask-httpauth to fix CVE-2026-34531.

• Continue working in python-authlib to fix CVE-2026-27962, CVE-2026-28490 and CVE-2026-28498

ELTS

• Update python-gevent for (E)LTS team according to review. Preparing for upload.

• Working in pyasn1 to fix CVE-2026-30922 in buster.

DFSG Team

• Review python-sphinx-scrapy for DFSG. It was accepted

• Review pocketpy for DFSG. It was rejected.

• Review pytest-textual-snapshot for DFSG. It was accepted

• Review pocketpy for DFSG. It was rejected.

• Review golang-github-bitfinexcom-bitfinex-api-go version 2.2.9-1 for DFSG. It was accepted.

• Review pocketpy version 2.1.8+ds-1 for DFSG. It was accept

• Review python-annotated-doc version 0.0.4-1 for DFSG. It was rejected.

• Review python-valkey version 6.1.1-1 for DFSG. It was rejected

• Review python-elastic-apm version 6.25.0-1 for DFSG. It was accepted

• Review pymatgen-core-test-files version 2026.4.7-1 for DFSG. It was rejected.

• Review rust-vcs-graph version 3.4.0-1. for DFSG. It was accepted

Sponsorship

• Review fingwit for sponsor it.

Debian Python Team

• apispec: New upstream release 6.10.0. Package updates. Uploaded to unstable.

• citeproc-py: New upstream release 0.9.2. Package updates. Uploaded to unstable.

• kiwisolver: New upstream release 1.5.0. Package updates. Uploaded to unstable.

• myst-parser: New usptream release 5.0.0. Packae updates. Uploaded to unstable.

• markdown-it-py: New upstream release 4.0.0. Package updates. Uploaded to unstable.

• Sponsor python-generic version 1.1.7. Kudos to Seyed Mohamad Amin Modaresi modaresisofthard@proton.me.

• python-docformatter: New usptream release _1.7.8. Packages updates. Uploaded to unstable.

• python-marshmallow-sqlalchemy: New upstream release 1.5.0. Package updates. Uploaded to unstable.

• python-pytest-asyncio: New upstream release 1.4.0a1. Package updates. Work in progress.

Forums Debian

• Work in Best Threads of the Week - 2026-04-12

• Work in Best Threads of the Week - 2026-04-19

• Debian User Forums Best Threads of the Week - 2026-04-26

Detailed logwork

Report

• 04:

  • Review python-sphinx-scrapy for DFSG. It was accepted

  • Review pocketpy for DFSG. It was rejected.

• 09:

  • Review pytest-textual-snapshot for DFSG. It was accepted

• 10

  • Review pocketpy for DFSG. It was rejected.

• 13:

  • Review golang-github-bitfinexcom-bitfinex-api-go version 2.2.9-1 for DFSG. It was accepted.

  • Review pocketpy version 2.1.8+ds-1 for DFSG. It was accept

  • Review python-annotated-doc version 0.0.4-1 for DFSG. It was rejected.

  • Review python-valkey version 6.1.1-1 for DFSG. It was rejected

  • Review python-elastic-apm version 6.25.0-1 for DFSG. It was accepted

• 16:

  • Review pymatgen-core-test-files version 2026.4.7-1 for DFSG. It was rejected.

  • Review rust-vcs-graph version 3.4.0-1. for DFSG. It was accepted

• 17:

  • Start working in libexif. This is sponsored by Freexian.

• 18:

  • Prepare trixie-pu for libexif/0.6.25-1+deb13u1. See #1134175

• 19:

  • Work in Best Threads of the Week - 2026-04-12

  • Work in Best Threads of the Week - 2026-04-19

• 20

  • Prepare bookworm-pu for libexif/0.6.24-1+deb12u1. See #1134478

  • Send to review libexif version 0.6.22-3+deb11u1 to review. This is sponsored by Freexian.

  • Review fingwit for sponsor it.

• 26:

  • Debian User Forums Best Threads of the Week - 2026-04-26

  • apispec: New upstream release 6.10.0. Package updates. Uploaded to unstable.

  • citeproc-py: New upstream release 0.9.2. Package updates. Uploaded to unstable.

  • kiwisolver: New upstream release 1.5.0. Package updates. Uploaded to unstable.

  • myst-parser: New usptream release 5.0.0. Packae updates. Uploaded to unstable.

  • markdown-it-py: New upstream release 4.0.0. Package updates. Uploaded to unstable.

  • Sponsor python-generic version 1.1.7. Kudos to Seyed Mohamad Amin Modaresi modaresisofthard@proton.me.

  • python-docformatter: New usptream release _1.7.8. Packages updates. Uploaded to unstable.

  • python-marshmallow-sqlalchemy: New upstream release 1.5.0. Package updates. Uploaded to unstable.

  • python-pytest-asyncio: New upstream release 1.4.0a1. Package updates. Work in progress.

• 29:

  • Update python-gevent for (E)LTS team according to reviewer.

• 30:

  • Upload pyasn1 to bullseye-security to fix CVE-2026-30922 (see #1131371). [DLA-4557-1](https://lists.debian.org/debian-lts-announce/2026/05/msg00001.html]() was sent.

• Upload libexif to bullseye-security to fix CVE-2026-40386, CVE-2026-40385, CVE-2026-32775 (see #1133923, #1133922, #1131116). DLA-4558-1 was sent.

Previous: My contributions to Debian - March 2026