I've worked during January 2026 on the below listed packages, for Freexian LTS/ELTS [1].
Many thanks to Freexian and sponsors [2] for providing this opportunity! LTS === - Published DLA-4440-1 for ffmpeg/bullseye to fix CVE-2023-6603, CVE-2024-36615, CVE-2025-1594, CVE-2025-7700, CVE-2025-9951, CVE-2025-10256 and CVE-2025-63757. (https://lists.debian.org/debian-lts-announce/2026/01/msg00011.html) - The fixes were submitted upstream and merged in the 4.3 lts branch! (https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21275) - Finished investigating a possible regression spotted by debusine before releasing the DLA. lebiniou's (reverse dependency) autopkgtest was failing for i386, but it wasn't reproducible locally. (https://debusine.debian.net/debian/developers/work-request/338625/) - Published DLA-4432-1 for curl/bullseye to fix CVE-2025-9086. (https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html) - It was later discovered the CVE actually didn't affect bookworm and older, so it was just a minor bugfix. Nonetheless, the security-tracker was updated to reflect the CVE doesn't affect bullseye. (https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ab52126db12b14182d36dda188900b0a98cab49) ELTS ==== - Started to work on ffmpeg for buster to fix pending CVEs. - Fixed freexian's git fork history by re-importing previous debian releases of ffmpeg. (https://lists.debian.org/debian-lts/2026/01/msg00023.html) Tooling, Documentation and Misc ================================ - Attended (E)LTS meeting. Best regards, Charles [1] https://www.freexian.com/lts/ [2] https://www.freexian.com/lts/debian/#sponsors
