Posted on

My Debian Activities in February 2026

Debian LTS/ELTS

This was my hundred-fortieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

During my allocated time I uploaded or worked on:

  • [DLA 4474-1] rlottie security update to fix three CVEs related to boundary checks.
  • [DLA 4477-1] munge security update to fix one CVE related to a buffer overflow.
  • [DLA 4483-1] gimp security update to fix four CVEs related to arbitrary code execution.
  • [DLA 4487-1] gegl security update to fix two CVEs related to heap-based buffer overflow.
  • [DLA 4489-1] libvpx security update to fix one CVE related to a buffer overflow.
  • [ELA-1649-1] gimp security update to fix three CVEs in Buster and Stretch related to arbitrary code execution.
  • [ELA-1650-1] gegl security update to fix two CVEs in Buster and Stretch related to heap-based buffer overflow.

Some CVEs could be marked as not-affected for one or all LTS/ELTS-releases. I also worked on package evolution-data-server and attended the monthly LTS/ELTS meeting.

Debian Printing

This month I uploaded a new upstream versions:

This work is generously funded by Freexian!

Debian Lomiri

This month I continued to worked on unifying packaging on Debian and Ubuntu. This makes it easier to work on those packages independent of the used platform.

This work is generously funded by Fre(i)e Software GmbH!

Debian Astro

This month I uploaded a new upstream version or a bugfix version of:

  • c-munipack to unstable. This package now contains a version without GTK support. Upstream is working on a port to GTK3 but seems to need some more time to finish this.
  • libasi to unstable.
  • libdfu-ahp to unstable.
  • libfishcamp to unstable.
  • libinovasdk to unstable.
  • libmicam to unstable.
  • siril to unstable (sponsored upload).

Debian IoT

This month I uploaded a new upstream version or a bugfix version of:

Unfortunately development of openoverlayrouter finally stopped, so I had to remove this package from the archive.

Debian Mobcom

This month I uploaded a new upstream version or a bugfix version of:

misc

This month I uploaded a new upstream version or a bugfix version of:

I also sponsored the upload of some Matomo dependencies. Thanks a lot to William for preparing the packages

Posted on

My Debian Activities in January 2026

Debian LTS/ELTS

This was my hundred-thirty-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian (as the LTS- and ELTS-teams have been merged now, there is only one paragraph left for both activities).

During my allocated time I uploaded or worked on:

  • [DLA 4449-1] zvbi security update to fix five CVEs related to uninitialized pointers and integer overflows.
  • [DLA 4450-1] taglib security update to fix one CVE related to a segmentation violation.
  • [DLA 4451-1] shapelib security update to fix one CVE related to a double free.
  • [DLA 4454-1] libuev security update to fix one CVE related to a buffer overrun.
  • [ELA-1620-1] zvbi security update to fix five CVEs in Buster and Stretch related to uninitialized pointers and integer overflows.
  • [ELA-1621-1] taglib security update to fix one CVE in Buster and Stretch related to a segmentation violation.
  • [#1126167] bookworm-pu bug for zvbi to fix five CVEs in Bookworm.
  • [#1126273] bookworm-pu bug for taglib to fix one CVE in Bookworm.
  • [#1126370] bookworm-pu bug for libuev to fix one CVE in Bookworm.

I also attended the monthly LTS/ELTS meeting. While working on updates, I stumbled upon packages, whose CVEs have been postponed for a long time and their CVSS score was rather high. I wonder whether one should pay more attention to postponed issues, otherwise one could have already marked them as ignored.

Debian Printing

Unfortunately I didn’t found any time to work on this topic.

Debian Lomiri

This month I worked on unifying packaging on Debian and Ubuntu. This makes it easier to work on those packages independent of the used platform.

This work is generously funded by Fre(i)e Software GmbH!

Debian Astro

This month I uploaded a new upstream version or a bugfix version of:

Debian IoT

Unfortunately I didn’t found any time to work on this topic.

Debian Mobcom

Unfortunately I didn’t found any time to work on this topic.

misc

This month I uploaded a new upstream version or a bugfix version of:

Unfortunately this month I was distracted from my normal Debian work by other unpleasant things, so that the paragraphs above are mostly empty. I now have to think about how many of my spare time I am able to dedicate to Debian in the future.