I've worked during May 2026 on the below listed packages, for Freexian LTS/ELTS [1]

libpng1.6
=========

Another round of security updates for libpng1.6, fixing:

- CVE-2026-34757 for trixie to stretch
- CVE-2026-40930 for buster

That's DSA-6263-1, DLA-4573-1, ELA-1724-1 and ELA-1725-1. Thanks to Moritz for doing the DSA paperwork!

Due to CVE-2026-40930 being published after the bullseye update, but before buster and stretch have been released, and due to the low severity of this issue, this vulnerability will be addressed with the next upload.

mesa (WIP)
==========

I've backported the fix for CVE-2026-40393 for all suites from trixie to bullseye and reached out to the package maintainers for review.

buster and stretch have been triaged for this vulnerability as well. Parts of the vulnerable code are not present in those versions; additionally, the affected code parts have been refactored a lot, so the risk of regressions outweighs the severity of the issue and therefore the resolution was to mark those vulnerabilities as "ignored".

[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors

Cheers,
--
tobi
