I've worked during February 2026 on the below listed packages, for Freexian LTS/ELTS [1]
zabbix ====== Helped rouca to determine why the candidate for zabbix/bookworm, as FTBFSed due to go issues: zabbix expectes go > 1.21, however bookworm is at 1.19, so some of the new features used has to be backported not to use the new features. modsecurity-crs =============== (Continued from January) Prepared and fixed, wiith coordination and help from the maintainer CVE-2026-21876 and CVE-2023-38199 for bullseye and bookworm. This has been released as DLA-4488-1 and ELA-1651-1 busybox ======= (Continued from January) Prepared the update for bookworm, coordinating with maintainer, security team. The update package has been uploaded via the oldstable-proposed-updates mechanism. (#1129503) and is awaiting the approval of the release team. libpng ===== There was a security issue with libpng, CVE-2026-25646 - Heap buffer overflow. I've prepared uploads for trixie and bookworm (DSA-6138-1), bullseye (DLA-4481-1), buster and stretch (ELA-1647-1) As for buster and stretch two additional CVEs haven't been fixed yet, I've included them into the update as well: - CVE-2026-22801 - Heap buffer over-read - CVE-2026-22695 - Heap buffer over-read [1] https://www.freexian.com/lts/ [2] https://www.freexian.com/lts/debian/#sponsors Cheers, -- tobi
signature.asc
Description: PGP signature
