I've worked during May 2026 on the below listed packages, for
Freexian LTS/ELTS [1].

Many thanks to Freexian and sponsors [2] for providing this opportunity!

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors

LTS
===

- Pushed nova tag for DLA-4486-1 to close pending task [3].
- Worked on nginx to fix CVE-2025-53859, CVE-2026-1642 and
  CVE-2026-42946.
    - Was contacted by nginx maintainers and reviewed their proposed
      update for bullseye.
        - Identified a problem with CVE-2026-42946's fix and marked
          trixie and bookworm as vulnerable [4].
    - Published DLA-4589-1 for nginx [5].

[3] https://salsa.debian.org/lts-team/lts-updates-tasks/-/work_items/329
[4] 
https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/299
[5] https://lists.debian.org/debian-lts-announce/2026/05/msg00033.html

ELTS
====

- Worked on nginx's CVE-2025-53859, CVE-2026-1642, CVE-2026-9256,
  CVE-2026-27651, CVE-2026-27654, CVE-2026-27784, CVE-2026-28753,
  CVE-2026-32647, CVE-2026-42934, CVE-2026-42945, CVE-2026-42946.
    - Published ELA-1740-1 for nginx/buster,stretch to fix vulnerabilities [6].
- Checked a report about a curl regression for jessie (not supported
  anymore) [7] and verified the regression is not present in ELTS, LTS and
  current stable releases - it's not present.

[6] https://www.freexian.com/lts/extended/updates/ela-1740-1-nginx/
[7] https://lists.debian.org/debian-lts/2026/05/msg00010.html

Tooling, Documentation  and Misc
================================

- Attended (E)LTS meeting.
- git-buildpackage MR (from April) to add --lts support merged, released
  and available in sid and forky [8].
- Add highlights so the Development page follows the same pattern as a
  whole [9].
- Went through documentation for helping LTS Coordinators with the
  monthly meetings (bus factor mitigation) and helped with the
  preparation of May's meeting.

[8] https://salsa.debian.org/agx/git-buildpackage/-/merge_requests/95
[9] 
https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/commit/cb2ec5b97167e3685e2eae551d606e707b2bd427

Best regards,
Charles

Reply via email to