{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreic73dy3k4i7s5gnw5zhwm2f6tfafjypmcdy7vdn55d2cwzm6llmom",
"uri": "at://did:plc:46ti67tc37qcmwp2vaynk6fq/app.bsky.feed.post/3mee34jc2xhm2"
},
"path": "/2026/02/2779/",
"publishedAt": "2026-02-08T13:47:54.900Z",
"site": "http://blog.alteholz.eu",
"tags": [
"[DLA 4449-1",
"[DLA 4450-1",
"[DLA 4451-1",
"[DLA 4454-1",
"[#1126167",
"[#1126273",
"[#1126370",
"Fre(i)e Software GmbH",
"supernovas",
"libahp-xc",
"c-munipack",
"liburjtag"
],
"textContent": "### **Debian LTS/ELTS**\n\nThis was my hundred-thirty-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian (as the LTS- and ELTS-teams have been merged now, there is only one paragraph left for both activities).\n\nDuring my allocated time I uploaded or worked on:\n\n * [DLA 4449-1] zvbi security update to fix five CVEs related to uninitialized pointers and integer overflows.\n * [DLA 4450-1] taglib security update to fix one CVE related to a segmentation violation.\n * [DLA 4451-1] shapelib security update to fix one CVE related to a double free.\n * [DLA 4454-1] libuev security update to fix one CVE related to a buffer overrun.\n * [ELA-1620-1] zvbi security update to fix five CVEs in Buster and Stretch related to uninitialized pointers and integer overflows.\n * [ELA-1621-1] taglib security update to fix one CVE in Buster and Stretch related to a segmentation violation.\n * [#1126167] bookworm-pu bug for zvbi to fix five CVEs in Bookworm.\n * [#1126273] bookworm-pu bug for taglib to fix one CVE in Bookworm.\n * [#1126370] bookworm-pu bug for libuev to fix one CVE in Bookworm.\n\n\n\nI also attended the monthly LTS/ELTS meeting. While working on updates, I stumbled upon packages, whose CVEs have been postponed for a long time and their CVSS score was rather high. I wonder whether one should pay more attention to postponed issues, otherwise one could have already marked them as _ignored_.\n\n### **Debian Printing**\n\nUnfortunately I didn’t found any time to work on this topic.\n\n### **Debian Lomiri**\n\nThis month I worked on unifying packaging on Debian and Ubuntu. This makes it easier to work on those packages independent of the used platform.\n\n**This work is generously funded byFre(i)e Software GmbH!**\n\n### **Debian Astro**\n\nThis month I uploaded a new upstream version or a bugfix version of:\n\n * … supernovas to unstable (sponsored upload).\n * … libahp-xc to unstable.\n * … c-munipack to unstable.\n\n\n\n### **Debian IoT**\n\nUnfortunately I didn’t found any time to work on this topic.\n\n### **Debian Mobcom**\n\nUnfortunately I didn’t found any time to work on this topic.\n\n### **misc**\n\nThis month I uploaded a new upstream version or a bugfix version of:\n\n * … liburjtag to unstable.\n\n\n\nUnfortunately this month I was distracted from my normal Debian work by other unpleasant things, so that the paragraphs above are mostly empty. I now have to think about how many of my spare time I am able to dedicate to Debian in the future.",
"title": "Thorsten Alteholz",
"updatedAt": "2026-02-08T13:25:37.000Z"
}