Hello!

I've worked on the packages mentioned below, for Freexian LTS/ELTS [1].

Many thanks to Freexian and our sponsors [2] for providing this opportunity!

# LTS

## libexif
- Upload libexif/0.6.25-1+deb13u1 to fix: CVE-2026-40386, CVE-2026-40385, 
CVE-2026-32775.
- Upload libexif/0.6.24-1+deb12u1 to fix: CVE-2026-40386, CVE-2026-40385, 
CVE-2026-32775.

## python-authlib
- Mark CVE-2026-41425 as no vulnerable for bullseye and bookworm.
- Release DLA-4579-1 for python-authlib 0.15.4-1+deb11u2 to fix CVE-2026-27962, 
CVE-2026-28490, CVE-2026-28498.

## krb
- Release DLA-4603-1 for krb5 1.18.3-6+deb11u8 to fix CVE-2026-40356 and 
CVE-2026-40355.

## python-flask-httpauth
- Release DLA-4605-1 for python-flask-httpauth 3.2.4-3.1+deb11u1 to fix 
CVE-2026-34531.

## corosync
- Release DLA-4608-1 for corosync 3.1.2-2+deb11u2 to fix CVE-2026-35091 and 
CVE-2026-35092.
- Working in the release for Buster and Stretch

# ELTS

## pyasn1
- Release ELA-1717-1 to fix CVE-2026-30922 in 0.1.9-2+deb9u2 (stretch), 
0.4.2-3+deb10u2 (buster).

## python-gevent
- Release ELA-1718-1 to fix CVE-2023-41419 in 1.3.7-1+deb10u1 (buster).

## libexif
- Release ELA-1737-1 for:
  - libeixf/0.6.21-5.1+deb10u6 to fix: CVE-2026-40386, CVE-2026-40385 and 
CVE-2026-32775
  - libexif/0.6.21-2+deb9u6 to fix: CVE-2026-40386, CVE-2026-40385 and 
CVE-2026-32775

## python3.7/buster
- Working in multiple vulnerabilities.


[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors

-- 
cheers,
        Emmanuel Arias

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  [email protected]
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: 13796755BBC72BB8ABE2AEB5 FA9DEC5DE11C63F1
 ⠈⠳⣄

Attachment: signature.asc
Description: PGP signature

Reply via email to