LTS¶
postgresql¶
-13 Work on fix for CVE-2026-6637, CVE-2026-6479, CVE-2026-6478, CVE-2026-6477, CVE-2026-6475, CVE-2026-6474, CVE-2026-6473.
Work in several CVEs for bullseye.
-13 Release DLA-4646-1 to fix many CVEs.
kr5¶
Mark CVE-2026-40355 and CVE-2026-40356 as not-affected in Buster and Stretch
beets¶
Sponsor beets 1.4.9-7+deb11u1 to fix CVE-2026-42052, kudos to Pieter Lenaerts <plenae.org>.
Send DLA-4641-1.
gdcm¶
Release DLA 4652-1 to fix: CVE-2024-22373, CVE-2024-22391, CVE-2024-25569, CVE-2025-11266, CVE-2025-48429, CVE-2025-52582, CVE-2025-53618, CVE-2025-53619 and CVE-2026-3650
bind9¶
work on CVE-2026-5950, CVE-2026-5946, CVE-2026-3592 and CVE-20263039.
libssh2¶
Work on CVE-2026-58051, CVE-2026-58050, CVE-2026-7598 and CVE-2026-15661. Send patches to review
ELTS¶
krb5¶
Mark CVE-2026-40355 and CVE-2026-40356 as not affected in buster and stretch.
The NegoEx was introduced in 1.18
corosync¶
Release ELA-1746-1 to fix CVE-2026-35091 and CVE-2026-35092 for Buster an Stretch.
python3¶
.7 Work in several CVEs for buster.
Sponsor¶
beets: Prepare security to fix, it was uploaded to bullseye-security. Kudos to Pieter Lenaerts plenae@disroot.org.
junit2html: Sponsor new upstream release, kudos to Gabriel Barrantes <gabriel.barrantes.dev.com>
junit2html: Sponsor new upstream release 31.1.4-1, kudos to Gabriel Barrantes <gabriel.barrantes.dev.com>
ubuntu: -snippets Sponsor backport to trixie 1.3~bpo13+1 , kudos to Thomas Ward <teward.com>
Debian Python Team¶
python-pytest-asyncio¶
New upstream release 1.4.0.
Uploaded to unstable.
asgi¶
-csrf Fix RC bug [#1133917] (https://bugs.debian.org/1133917).
Also send patch to upstream.
terminado¶
Fix RC bug #1114403.
Debian User Forums¶
forums
2026-06-15: https://forums.debian.net/viewtopic.php?p=844834#p844834
2026-06-21: https://forums.debian.net/viewtopic.php?p=845106#p845106
2026-06-28: https://forums.debian.net/viewtopic.php?p=845414#p845414
DFSG¶
Review rust-typos for DFSG, it was accepted.
Review rust-typos-dicwt for DFSG, it was accepted.
Review rust-varcon for DFSG, it was accepted.
Review rust-varcon-core for DFSG, it was accepted.
Review nocturne for DFSG, it was rejected.
Review rust-dictgen for DFSG, it was accepted.
Review rust-hidreport for DFSG, it was accepted.
Review rust-linkme for DFSG, it was accepted.
Review rust-varcon for DFSG, it was accepted.
Review gaphor for DFSG, it was accept.
Review nocturne for DFSG, it was accepted.
Review rust-platforms-dirs for DFSG, it was accepted.
Review ggml for DFSG, it was rejected.
Review rust-zerotrie for DFSG, it was accepted
Review rust-parlance for DFSG, it was accepted
Detailed logwork¶
2:
krb5: Mark CVE-2026-40355 and CVE-2026-40356 as not affected in buster and stretch. This work is Sponsored by Freexian.
The NegoEx was introduced in 1.18
3:
python-pytest-asyncio: New upstream release 1.4.0.
Uploaded to unstable.
asgi: -csrf Fix RC bug [#1133917] (https://bugs.debian.org/1133917).
Also send patch to upstream.
corosync: Release ELA-1746-1 to fix CVE-2026-35091 and CVE-2026-35092 for Buster an Stretch. This work is Sponsored by Freexian.
6:
Review rust-typos for DFSG, it was accepted.
Review rust-typos-dicwt for DFSG, it was accepted.
Review rust-varcon for DFSG, it was accepted.
Review rust-varcon-core for DFSG, it was accepted.
Review nocturne for DFSG, it was rejected.
Review rust-dictgen for DFSG, it was rejected.
Review rust-dictgen for DFSG, it was accepted.
Review rust-hidreport for DFSG, it was accepted.
Review rust-linkme for DFSG, it was accepted.
7:
Review rust-varcon for DFSG, it was accepted.
Review gaphor for DFSG, it was rejected.
8:
terminado: Fix RC bug #1114403.
15:
postgresql: -13 Work on fix for CVE-2026-6637, CVE-2026-6479, CVE-2026-6478, CVE-2026-6477, CVE-2026-6475, CVE-2026-6474, CVE-2026-6473. This work is Sponsored by Freexian.
Prepare security to fix, it was uploaded to bullseye-security.
Kudos to Pieter Lenaerts plenae@disroot.org.
forums
Debian User Forums Best Threads of the Week - 2026-06-15
python3: .7 Work in several CVEs for buster. This work is Sponsored by Freexian.
16:
Review gaphor for DFSG, it was accept.
Sponsor new upstream release, kudos to Gabriel Barrantes <gabriel.barrantes.dev.com>
19:
postgresql: Work in several CVEs for bullseye. This work is Sponsored by Freexian.
20:
Sponsor new upstream release 31.1.4-1, kudos to Gabriel Barrantes <gabriel.barrantes.dev.com>
-snippets Sponsor backport to trixie 1.3~bpo13+1 , kudos to Thomas Ward <teward.com>
21:
kr5: Mark CVE-2026-40355 and CVE-2026-40356 as not-affected in Buster and Stretch This work is Sponsored by Freexian.
Debian User Forums Best Threads of the Week - 2026-06-21
23:
beets: Sponsor beets 1.4.9-7+deb11u1 to fix CVE-2026-42052, kudos to Pieter Lenaerts <plenae.org>. This work is Sponsored by Freexian.
Send DLA-4641-1.
24:
postgresql: -13 Release DLA-4646-1 to fix many CVEs. This work is Sponsored by Freexian.
26:
gdcm: Release DLA 4652-1 to fix: CVE-2024-22373, CVE-2024-22391, CVE-2024-25569, CVE-2025-11266, CVE-2025-48429, CVE-2025-52582, CVE-2025-53618, CVE-2025-53619 and CVE-2026-3650 This work is Sponsored by Freexian.
27:
Review nocturne for DFSG, it was accepted.
Review rust-platforms-dirs for DFSG, it was rejected.
Review rust-platforms-dirs for DFSG, it was accepted.
Review ggml for DFSG, it was accepted.
Review ggml for DFSG, it was rejected.
Review rust-zerotrie for DFSG, it was accepted
Review rust-parlance for DFSG, it was accepted
28:
Debian User Forums Best Threads of the Week - 2026-06-28
29:
bind9: work on CVE-2026-5950, CVE-2026-5946, CVE-2026-3592 and CVE-20263039. This work is Sponsored by Freexian.
libssh2: Work on CVE-2026-58051. CVE-2026-58050, CVE-2026-7598 and CVE-2026-15661. Send patches to review. This work is Sponsored by Freexian.