My contribution to Debian - May 2026

LTS

libexif

• Upload libexif/0.6.25-1+deb13u1 to fix: CVE-2026-40386, CVE-2026-40385, CVE-2026-32775.

• Upload libexif/0.6.24-1+deb12u1 to fix: CVE-2026-40386, CVE-2026-40385, CVE-2026-32775.

python-authlib

• work in bullseye

• Mark CVE-2026-41425 as no vulnerable for bullseye and bookworm.

• Upload python-authlib 0.15.4-1+deb11u2

• Send DLA-4579-1.

krb

• Release DLA-4603-1 for krb5 1.18.3-6+deb11u8 to fix CVE-2026-40356 and CVE-2026-40355.

python-flask-httpauth

• Release DLA-4605-1 for python-flask-httpauth 3.2.4-3.1+deb11u1 to fix CVE-2026-34531.

corosync

• Work in a patch to fix CVE-2026-35091 and CVE-2026-35092

ELTS

pyasn1

• Release ELA-1717-1 to fix CVE-2026-30922 in 0.1.9-2+deb9u2 (stretch), 0.4.2-3+deb10u2 (buster).

python-gevent

• Release ELA-1718-1 to fix CVE-2023-41419 in 1.3.7-1+deb10u1 (buster).

libexif

• Release ELA-1737-1 for:

  • libeixf/0.6.21-5.1+deb10u6 to fix: CVE-2026-40386, CVE-2026-40385 and CVE-2026-32775

  • libexif/0.6.21-2+deb9u6 to fix: CVE-2026-40386, CVE-2026-40385 and CVE-2026-32775

Sponsor

• bazaar version 0.7.14-1. Kudos to Seyed Mohamad Amin Modaresi modaresisofthard@proton.me

• beets:

  • Review patches for CVE-2026-42052 (trixie and bookworm). Kudos to Pieter Lenaerts plenae@disroot.org.

• python-marisa-trie: Introduce version 1.4.1+ds-1 to Debian. Kudos to Tianyu Chen billchenchina2001@gmail.com

• pytesseract: Upload version 0.3.13+git20250218.df9fce0-2. Kudos to Seyed Mohamad Amin Modaresi modaresisofthard@proton.me

• bazaar version 0.8.1-1. Kudos to Seyed Mohamad Amin Modaresi modaresisofthard@proton.me

Debian Python Team

citeproc-py

• New upstream release 0.9.3.

• Packaging updates.

myst-parser

• Fix debci build. myst-parser should be buid with python3-mardown-it >= 4.0.0

python-ftputil

• New upstream release 5.2.0-1

• Packaging updates.

mdit-py-plugins

• New upstream release 0.6.1-1.

• Packaging updates

python-flask-jwt-extended

• New upstream release 4.7.4-1

• Packaging updates

python-ftputil

• New upstream release 5.2.0-1.

• Packaging updates.

python-sounddevice

• New upstream release 0.5.5-1

• Packaging updates.

python-scramp

• New upstream release 1.4.8-1.

• Packaging updates.

Debian Rust Team

crc-catalog

• New upstream release 2.5.0

Other packages

Planify

• New upstream release 4.19.1-1

• Packaging updates.

Debian User Forums

• 2026-05-03: https://forums.debian.net/viewtopic.php?p=842705#p842705

• 2026-05-10: https://forums.debian.net/viewtopic.php?p=843436#p843436

• 2026-05-17: https://forums.debian.net/viewtopic.php?p=843436#p843436

DFSG

• Review pymatgen-core-test-files for DFSG team it was accepted.

• Review runit-services for DFSG team it was accepted.

• Review libexttextcat for DFSG team it was rejected.

• Review mkdocs-rss-plugin for DFSG team it was accepted.

• Review python-compit-inext-api for DFSG team it was rejected.

• Review python-apricot-select for DFSG team it was accepted.

• Review apt-suggest-auto for DFSG team it was accepted.

• Review python-iso4217 for DFSG team it was accepted.

• Review cryptolyzer for DFSG team it was accepted.

• Review rust-rust-i18n-support for DFSG team it was accepted.

• Review rust-axum-macros for DFSG team it was accepted.

• Review node-pixl-cli for DFSG team it was accepted

• Review node-pixl-unit for DFSG team it was accepted

• Review node-pixl-config for DFSG team it was accepted

• Review collatinus-nouus for DFSG team it was rejected

• Review node-pixl-cache for DFSG team it was accepted

• Review python-sigstore-models for DFSG team it was accepted

• Review hwatch for DFSG team it was accepted

• Review rust-apfs for DFSG team it was accepted

• Review rust-icns for DFST team it was accepted

---

Detailed logwork

• 1:

  • Work in pyasn1 for buster. This is sponsored by Freexian.

• 3:

  • citeproc: New upstream release 0.9.3.

  • Sponsor baazaar version 0.7.14-1. Kudos to Seyed Mohamad Amin Modaresi modaresisofthard@proton.me

• 5:

  • Debian User Forums Best Threads of the Week - 2026-05-03

  • python-ftputil: New upstream release version 5.2.0-1.

  • Sponsor baazaar version 0.7.14-1. Fixing a Rejection in the DFSG team. Kudos to Seyed Mohamad Amin Modaresi modaresisofthard@proton.me.

• 8:

  • Upload libexif/0.6.25-1+deb13u1 to fix: CVE-2026-40386, CVE-2026-40385, CVE-2026-32775. This work is Sponsored by Freexian.

  • Upload libexif/0.6.24-1+deb12u1 to fix: CVE-2026-40386, CVE-2026-40385, CVE-2026-32775. This work is Sponsored by Freexian.

• 9:

  • Upload python-authlib 0.15.4-1+deb11u2. This work is Sponsored by Freexian.

• 10:

  • Release myst-parser 5.0.0-2. Fix a bug in the build.

• 11:

  • Send DLA-4579-1 for python-authlib 0.15.4-1+deb11u2. This work is Sponsored by Freexian.

• 13:

  • Review patch for CVE-2026-42052 for beets to fix in trixie and bookworm. Kudos to Pieter Lenaerts plenae@disroot.org.

  • Release ELA-1717-1 pyasn1 security update

• 14:

  • python-genvet: Prepare ELA-1718-1 to fix CVE-2023-41419 in 1.3.7-1+deb10u1 (buster).This work is Sponsored by Freexian.

  • Release new upstream release mdit-py-plugins version 0.6.1-1. Uploaded to unstable.

  • Release new upstream release python-flask-jwt-extended version 4.7.4-1. Uploaded to unstable

  • Release new upstream release planify version 4.19.1-1. Uploaded to unstable.

  • Release new upstream release python-ftputil version 5.2.0-1. Uploaded to unstable

• 15:

  • Release new upstream release python-sounddevice version 0.5.5. Uploaded to unstable.

  • Release new usptream release python-scramp version 1.4.8-1. Uploaded to unstable

  • Work in libeixf 0.6.21-5.1+deb10u6 and 0.6.21-2+deb9u6 to fix CVE-2026-40386, CVE-2026-40385 and CVE-2026-32775. This work is Sponsored by Freexian.

  • Work in krb5 1.18.3-6+deb11u8 to fix CVE-2026-40356 and CVE-2026-40355. This work is Sponsored by Freexian.

• 16:

  • Review python-marisa-trie for sponsor it.

  • Review pymatgen-core-test-files for DFSG team it was accepted.

  • Review runit-services for DFSG team it was accepted.

  • Review libexttextcat for DFSG team it was rejected.

  • Review mkdocs-rss-plugin for DFSG team it was accepted.

  • Review python-compit-inext-api for DFSG team it was rejected.

  • Review python-apricot-select for DFSG team it was accepted.

  • Review apt-suggest-auto for DFSG team it was accepted.

  • Review python-iso4217 for DFSG team it was accepted.

  • Review cryptolyzer for DFSG team it was accepted.

  • Review rust-rust-i18n-support for DFSG team it was accepted.

  • Review rust-axum-macros for DFSG team it was accepted.

  • crc-catalog: New upstream release 2.5.0. Uploaded to unstable.

• 17:

  • Sponsor python-marisa-trie. Introduce version 1.4.1+ds-1 to Debian. Kudos to Tianyu Chen billchenchina2001@gmail.com

• 20:

  • Release ELA-1718-1 for python-gevent

• 25:

  • Sponsor pytesseract. Upload version 0.3.13+git20250218.df9fce0-2. Kudos to Seyed Mohamad Amin Modaresi modaresisofthard@proton.me

  • Review Bazaar to sponsor it.

• 27:

  • Upload krb5 version 1.18.3-6+deb11u8 for bullseye-security

  • Upload python-flask-httpauth in version 3.2.4-3.1+deb11u1 to fix CVE-2026-34531.

• 28:

  • Send DLA-4603-1 for krb5.

  • Send DLA-4605-1 for python-flask-httpauth

  • Review bazaar for sponsorship. Uploaded to unstable. Kudos to Seyed Mohamad Amin Modaresi modaresisofthard@proton.me.

  • Review node-pixl-cli for DFSG team it was accepted

  • Review node-pixl-unit for DFSG team it was accepted

  • Review node-pixl-config for DFSG team it was accepted

  • Review collatinus-nouus for DFSG team it was rejected

  • Review node-pixl-cache for DFSG team it was accepted

  • Review python-sigstore-models for DFSG team it was accepted

  • Review hwatch for DFSG team it was accepted

  • Review rust-apfs for DFSG team it was accepted

• 29: Review rust-icns for DFSG team it was accepted.

Previous: My contributions to Debian - April 2026   Next: TIL: Un pendrive puede estar en cualquier lugar, hay que aprender a buscar…