I've worked during june on the below listed packages, for Freexian LTS/ELTS [1]
Many thanks to Freexian and our sponsors [2] for providing this opportunity!
Apache2
--------------
In urgency fix CVE-2026-49975 sid/trixie/bookworm/buster/stretch aka HTTP2 bomb
backport fixes from 2.4.68 to bullseye
Release 2.4.67-1~deb11u3
CVE ID : CVE-2026-29167 CVE-2026-29170 CVE-2026-34355 CVE-2026-34356
CVE-2026-42535 CVE-2026-42536 CVE-2026-43951 CVE-2026-44119
CVE-2026-44185 CVE-2026-44186 CVE-2026-44631 CVE-2026-48913
Debian Bug : 1139340
backport to buster
Release
ELA-1754-1-apache2
backport to stretch
snapd
----------
Determine that CVE-2026-3888 fix need to backport systemd
imagemagick
--------------------
Fix CVE-2026-48733 CVE-2026-48734 CVE-2026-48994 CVE-2026-49218
CVE-2026-53460 CVE-2026-53463
Fix also for ELTS
CVE-2026-33901 CVE-2026-42326 CVE-2026-45358 CVE-2026-45624 CVE-2026-45664
CVE-2026-46520 CVE-2026-46521
CVE-2026-46522 CVE-2026-46523 CVE-2026-46559 CVE-2026-46692 CVE-2026-46693
CVE-2026-47165 CVE-2026-47166
As usual with imagemagick progress was slow due to being ported between two
majors version.
Review
-----------
Review patches for bind, ansible, and ssh2
Various
-----------
I have attented monthly meeting
I was also FD
Cheers
rouca
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors
signature.asc
Description: This is a digitally signed message part.
