{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiblwtf6ew6fudsg4sgxqtmx2rwzqu4vsnzuatytcjxmalg2rcgbpy",
"uri": "at://did:plc:46ti67tc37qcmwp2vaynk6fq/app.bsky.feed.post/3ml4m5rnhud62"
},
"path": "/2026/05/my-debian-activities-in-april-2026/",
"publishedAt": "2026-05-05T16:27:54.076Z",
"site": "http://blog.alteholz.eu",
"tags": [
"DLA 4530-1",
"DLA 4544-1",
"DLA 4545-1",
"DLA 4547-1",
"1126167",
"1126273",
"1126370",
"1134340",
"foo2zjs",
"cups",
"Freexian",
"Fre(i)e Software GmbH",
"indi-apogee",
"indi-nexdome",
"libahp-xc",
"libcoap3",
"osmo-iuh",
"bottlerocket",
"cd5",
"usb-modeswitch-data",
"libpicohttpparser"
],
"textContent": "### **Debian LTS/ELTS**\n\nThis was my hundred-forty-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.\n\nDuring my allocated time I uploaded or worked on:\n\n * [DLA 4530-1] gst-plugins-bad1.0 security update to fix two CVEs related to denial of service or execution of arbitrary code if a malformed media file is opened.\n * [DLA 4544-1] ntfs-3g to fix one CVE related to local root privilege escalation.\n * [DLA 4545-1] packagekit security update to fix one CVE related to local privilege escalation.\n * [DLA 4547-1] gimp security update to fix three CVEs related to denial of service or execution of arbitrary code if a malformed PSP, JPEG 2000 or PSD file is opened.\n * [ELA-1682-1] gst-plugins-bad1.0 security update to fix two CVEs in Buster and Stretch related to denial of service or execution of arbitrary code.\n * [ELA-1689-1] ntfs-3g security update to fix one CVE in Buster and Stretch related to local root privilege escalation..\n * [ELA-1693-1] pakagekit security update to fix one CVE in Buster and Stretch related to local privilege escalation.\n * [#1126167] bookworm-pu upload of zvbi\n * [#1126273] bookworm-pu upload of taglib\n * [#1126370] bookworm-pu upload of libuev\n * [libcoap3] upload to sid to fix two CVEs related to out-of-bounds read and stacked based buffer overflow.\n * [#1134340] trixie-pu bug for libcoap3 to fix two CVEs in Trixie.\n * [cups] upload to sid to fix six CVEs.\n\n\n\nI also did a week of front desk duties and started to work on backports of the _cups_ CVEs.\n\n### **Debian Printing**\n\nThis month I uploaded a new upstream versions:\n\n * … foo2zjs to unstable.\n * … cups to unstable.\n\n\n\nUnfortunately the first upload of cups introduces a regression and another upload was needed to take care of a crash. The patch for one CVE also broke a test script, which is used by lots of printing packages in Debian. As a result some autopkgtest runs failed. This could be fixed as well and the only remaining issue that needs some more investigation is related to cups-pdf.\n\n**This work is generously funded by Freexian!**\n\n### **Debian Lomiri**\n\nThis month I continued to work on unifying packaging on Debian and Ubuntu. This makes it easier to work on those packages independent of the used platform.\n\nI also started working on two new packages: _lomiri-radio-app_ and _lomiri-fretboardtrainer-app_\n\n**This work is generously funded by Fre(i)e Software GmbH!**\n\n### **Debian Astro**\n\nThis month I uploaded a new upstream version or a bugfix version of:\n\n * … indi-apogee to experimental.\n * … indi-nexdome to experimental.\n * … libahp-xc to unstable.\n\n\n\n### **Debian IoT**\n\nThis month I uploaded a new upstream version or a bugfix version of:\n\n * … libcoap3 to unstable.\n\n\n\nMarcos Talau joined the Debian IoT group, welcome aboard.\n\n### **Debian Mobcom**\n\nThis month I uploaded a new upstream version or a bugfix version of:\n\n * … osmo-iuh to unstable.\n\n\n\n### **misc**\n\nThis month I uploaded a new upstream version or a bugfix version of:\n\n * … bottlerocket to unstable.\n * … cd5 to unstable.\n * … usb-modeswitch-data to unstable.\n * … libpicohttpparser to unstable (sponsored upload for Joachim Zobel.\n\n",
"title": "Thorsten Alteholz: My Debian Activities in April 2026",
"updatedAt": "2026-05-05T14:24:27.000Z"
}