Hi, here are some remarks about my work during last month.
- python-tornado (ELTS / DSA) I released ELA 1654-1 (Stretch) fixing CVE-2025-47287, CVE-2025-67724, CVE-2025-67725, and CVE-2025-67726. I also got the OK of the security team and uploaded the DSA candidates for Bookworm and Trixie to the archive. - node-tar (ELTS / LTS / OSPU/SPU/DSA) I worked on all open issues for node-tar. This included fixing the test systems. For ELTS, I have not yet managed to fix it, though. The recently published CVE-2026-26960 complicates the situation. It requires backporting subsequent changes to code introduced with the fix for CVE-2026-23745, which itself introduces CVE-2026-24842. I am working on resolving this situation and finishing the LTS and DSA updates. - python-aiohttp (LTS / OSPU/SPU) I continued with my work. Progress is still slow. - python-authlib (OSPU/SPU) As requested, I created updates for Bookworm and Trixie and opened #1129246 and #1129477. - misc I did some triaging for packages listed for LTS/ELTS work as always. Thanks to Freexian and Freexian's sponsors for making these projects possible: https://www.freexian.com/lts/debian/#sponsors). Regards, Daniel
signature.asc
Description: This is a digitally signed message part
