I've worked during May 2026 on the below listed packages, for
Freexian LTS/ELTS [1]

libpng1.6
=========

Another round of security updates for libpng1.6, fixing:
CVE-2026-34757 for trixie to stretch 
CVE-2026-40930 for buster
That's DSA-6263-1, DLA-4573-1, ELA-1724-1 and ELA-1725-1.
Thanks to Moritz for doing the DSA paperwork!

Due to CVE-2026-40930 being published after the bullseye update, but
before buster and stretch have been released, and due to the low severity
of this issue, this vulnerability will be addressed with the next
upload.

mesa (WIP)
==========

I've backported the fix for CVE-2026-40393 for all suites from trixie to
bullseye and reached out to the package maintainers for review.
buster and stretch have been triaged for this vulnerability as well.
Parts of the vulnerable code are not present in those versions,
additionally the affected code parts have been refactored a lot, so the
risk of regressions outweighs the severity of the issue and therefore
the resolution was to mark those vulnerabilities as "ignored".


[1]  https://www.freexian.com/lts/ 
[2]  https://www.freexian.com/lts/debian/#sponsors

Cheers, 
-- 
tobi
