I've worked during june on the below listed packages, for Freexian
LTS/ELTS [1]

Many thanks to Freexian and our sponsors [2] for providing this opportunity!

Apache2
--------------
In urgency fix CVE-2026-49975 sid/trixie/bookworm/buster/stretch aka HTTP2 bomb

 backport fixes from 2.4.68 to bullseye
Release 2.4.67-1~deb11u3
CVE ID         : CVE-2026-29167 CVE-2026-29170 CVE-2026-34355 CVE-2026-34356 
                 CVE-2026-42535 CVE-2026-42536 CVE-2026-43951 CVE-2026-44119 
                 CVE-2026-44185 CVE-2026-44186 CVE-2026-44631 CVE-2026-48913
Debian Bug     : 1139340
backport to buster
Release
ELA-1754-1-apache2
backport to stretch

snapd
----------

Determine that CVE-2026-3888 fix need to backport systemd

imagemagick
--------------------

Fix CVE-2026-48733 CVE-2026-48734 CVE-2026-48994 CVE-2026-49218 
CVE-2026-53460 CVE-2026-53463

Fix also for ELTS 
CVE-2026-33901 CVE-2026-42326 CVE-2026-45358 CVE-2026-45624 CVE-2026-45664 
CVE-2026-46520 CVE-2026-46521
CVE-2026-46522 CVE-2026-46523 CVE-2026-46559 CVE-2026-46692 CVE-2026-46693 
CVE-2026-47165 CVE-2026-47166

As usual with imagemagick progress was slow due to being ported between two 
majors version.

Review
-----------

Review patches for bind, ansible, and ssh2

Various
-----------

I have attented monthly meeting

I was also FD

Cheers

rouca

[1]  https://www.freexian.com/lts/
[2]  https://www.freexian.com/lts/debian/#sponsors

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to