In February 2026 I've worked on the below listed packages for Freexian LTS/ELTS [1]. This is my twelfth month involved with the (E)LTS efforts.
Many thanks to Freexian and our sponsors [2] for providing this opportunity! openssl ======= I worked on backporting fixes for the 7 relevant CVEs for bullseye (LTS). It happens to be that bullseye is the last debian version that ships with openssl 1.x (while bookworm and newer has 3.x). Upstream provides patches for 1.1 series under a premium contract, but the fixes seemed easy enough to backport from the 3.x series this time around atleast. This might however be something to keep in mind for future (extended) maintenance. Multiple rounds of request for review was sent out before finally publishing the result which was announced in [DLA-4490-1]. glib2.0 ======= A number of low severity issues where found in glib. I coordinated with the Debian GNOME Team about handling these and we agreed that I would also look at stable and oldstable updates, which apart from the CVE fixes should also fix a locale parsing bug. I've sent out [glib-spu] and [glib-ospu] bug reports, to get an ACK from the release team on these updates. Since glib also builds an udeb it will likely first need an ack from the installer team. These updates are thus pending and will be uploaded once ACKed.... The update for bullseye (LTS) however was published and announced in [DLA-4491-1]. Arnaud Rebillout offered to take care of the ELTS uploads as part of his onboarding. He reported back that the patches was trivially backportable (as expected) and there should be no issues with me being unavailable next week which I mentioned to him in our coordination over handling glib/ELTS, which now has ELA-1652-1 reserved and should hopefully soon be published. Additionally these where some discussions both on #debian-lts and #debusine about the problems with uploading these packages via debusine. Eventually the packages where both scheduled and most reverse dependency job tests where run to give extra confidence in the updated packages before publishing them to the archive. Regards, Andreas Henriksson [1] https://www.freexian.com/lts/ [2] https://www.freexian.com/lts/debian/#sponsors [DLA-4490-1] https://lists.debian.org/debian-lts-announce/2026/02/msg00030.html [DLA-4491-1] https://lists.debian.org/debian-lts-announce/2026/02/msg00029.html [glib-spu] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128227 [glib-ospu] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126273
