LTS

postgresql

  • -13 Work on fix for CVE-2026-6637, CVE-2026-6479, CVE-2026-6478, CVE-2026-6477, CVE-2026-6475, CVE-2026-6474, CVE-2026-6473.

  • Work in several CVEs for bullseye.

  • -13 Release DLA-4646-1 to fix many CVEs.

kr5

  • Mark CVE-2026-40355 and CVE-2026-40356 as not-affected in Buster and Stretch

beets

  • Sponsor beets 1.4.9-7+deb11u1 to fix CVE-2026-42052, kudos to Pieter Lenaerts <plenae.org>.

    • Send DLA-4641-1.

gdcm

  • Release DLA 4652-1 to fix: CVE-2024-22373, CVE-2024-22391, CVE-2024-25569, CVE-2025-11266, CVE-2025-48429, CVE-2025-52582, CVE-2025-53618, CVE-2025-53619 and CVE-2026-3650

bind9

  • work on CVE-2026-5950, CVE-2026-5946, CVE-2026-3592 and CVE-20263039.

libssh2

  • Work on CVE-2026-58051, CVE-2026-58050, CVE-2026-7598 and CVE-2026-15661. Send patches to review

ELTS

krb5

  • Mark CVE-2026-40355 and CVE-2026-40356 as not affected in buster and stretch.

    • The NegoEx was introduced in 1.18

corosync

  • Release ELA-1746-1 to fix CVE-2026-35091 and CVE-2026-35092 for Buster an Stretch.

python3

  • .7 Work in several CVEs for buster.

Debian Python Team

python-pytest-asyncio

  • New upstream release 1.4.0.

    • Uploaded to unstable.

asgi

  • -csrf Fix RC bug [#1133917] (https://bugs.debian.org/1133917).

    • Also send patch to upstream.

terminado

Debian User Forums

  • forums

  • 2026-06-15: https://forums.debian.net/viewtopic.php?p=844834#p844834

  • 2026-06-21: https://forums.debian.net/viewtopic.php?p=845106#p845106

  • 2026-06-28: https://forums.debian.net/viewtopic.php?p=845414#p845414

DFSG

  • Review rust-typos for DFSG, it was accepted.

  • Review rust-typos-dicwt for DFSG, it was accepted.

  • Review rust-varcon for DFSG, it was accepted.

  • Review rust-varcon-core for DFSG, it was accepted.

  • Review nocturne for DFSG, it was rejected.

  • Review rust-dictgen for DFSG, it was accepted.

  • Review rust-hidreport for DFSG, it was accepted.

  • Review rust-linkme for DFSG, it was accepted.

  • Review rust-varcon for DFSG, it was accepted.

  • Review gaphor for DFSG, it was accept.

  • Review nocturne for DFSG, it was accepted.

  • Review rust-platforms-dirs for DFSG, it was accepted.

  • Review ggml for DFSG, it was rejected.

  • Review rust-zerotrie for DFSG, it was accepted

  • Review rust-parlance for DFSG, it was accepted


Detailed logwork

  • 2:

    • krb5: Mark CVE-2026-40355 and CVE-2026-40356 as not affected in buster and stretch. This work is Sponsored by Freexian.

      • The NegoEx was introduced in 1.18

  • 3:

    • python-pytest-asyncio: New upstream release 1.4.0.

      • Uploaded to unstable.

    • asgi: -csrf Fix RC bug [#1133917] (https://bugs.debian.org/1133917).

      • Also send patch to upstream.

    • corosync: Release ELA-1746-1 to fix CVE-2026-35091 and CVE-2026-35092 for Buster an Stretch. This work is Sponsored by Freexian.

  • 6:

    • Review rust-typos for DFSG, it was accepted.

    • Review rust-typos-dicwt for DFSG, it was accepted.

    • Review rust-varcon for DFSG, it was accepted.

    • Review rust-varcon-core for DFSG, it was accepted.

    • Review nocturne for DFSG, it was rejected.

    • Review rust-dictgen for DFSG, it was rejected.

    • Review rust-dictgen for DFSG, it was accepted.

    • Review rust-hidreport for DFSG, it was accepted.

    • Review rust-linkme for DFSG, it was accepted.

  • 7:

    • Review rust-varcon for DFSG, it was accepted.

    • Review gaphor for DFSG, it was rejected.

  • 8:

  • 15:

    • postgresql: -13 Work on fix for CVE-2026-6637, CVE-2026-6479, CVE-2026-6478, CVE-2026-6477, CVE-2026-6475, CVE-2026-6474, CVE-2026-6473. This work is Sponsored by Freexian.

    • Prepare security to fix, it was uploaded to bullseye-security.

    • Kudos to Pieter Lenaerts plenae@disroot.org.

    • forums

    • Debian User Forums Best Threads of the Week - 2026-06-15

    • python3: .7 Work in several CVEs for buster. This work is Sponsored by Freexian.

  • 16:

    • Review gaphor for DFSG, it was accept.

    • Sponsor new upstream release, kudos to Gabriel Barrantes <gabriel.barrantes.dev.com>

  • 19:

    • postgresql: Work in several CVEs for bullseye. This work is Sponsored by Freexian.

  • 20:

    • Sponsor new upstream release 31.1.4-1, kudos to Gabriel Barrantes <gabriel.barrantes.dev.com>

    • -snippets Sponsor backport to trixie 1.3~bpo13+1 , kudos to Thomas Ward <teward.com>

  • 21:

    • kr5: Mark CVE-2026-40355 and CVE-2026-40356 as not-affected in Buster and Stretch This work is Sponsored by Freexian.

    • Debian User Forums Best Threads of the Week - 2026-06-21

  • 23:

    • beets: Sponsor beets 1.4.9-7+deb11u1 to fix CVE-2026-42052, kudos to Pieter Lenaerts <plenae.org>. This work is Sponsored by Freexian.

      • Send DLA-4641-1.

  • 24:

    • postgresql: -13 Release DLA-4646-1 to fix many CVEs. This work is Sponsored by Freexian.

  • 26:

    • gdcm: Release DLA 4652-1 to fix: CVE-2024-22373, CVE-2024-22391, CVE-2024-25569, CVE-2025-11266, CVE-2025-48429, CVE-2025-52582, CVE-2025-53618, CVE-2025-53619 and CVE-2026-3650 This work is Sponsored by Freexian.

  • 27:

    • Review nocturne for DFSG, it was accepted.

    • Review rust-platforms-dirs for DFSG, it was rejected.

    • Review rust-platforms-dirs for DFSG, it was accepted.

    • Review ggml for DFSG, it was accepted.

    • Review ggml for DFSG, it was rejected.

    • Review rust-zerotrie for DFSG, it was accepted

    • Review rust-parlance for DFSG, it was accepted

  • 28:

    • Debian User Forums Best Threads of the Week - 2026-06-28

  • 29:

    • bind9: work on CVE-2026-5950, CVE-2026-5946, CVE-2026-3592 and CVE-20263039. This work is Sponsored by Freexian.

    • libssh2: Work on CVE-2026-58051. CVE-2026-58050, CVE-2026-7598 and CVE-2026-15661. Send patches to review. This work is Sponsored by Freexian.