During this month, I have worked on the following tasks for Debian LTS and ELTS.
Thanks to Freexian and sponsors for making this possible [0].
nghttp2
- Investigated CVE-2026-27135 for trixie, bookworm, bullseye, buster & stretch
- preparing backports for E/LTS,
https://salsa.debian.org/lts-team/packages/nghttp2/-/merge_requests/{1,2,3} - preparing backports for the security team,
https://salsa.debian.org/debian/nghttp2/-/merge_requests/{11,12} - Ongoing coordination with security team and upstream maintainer,
https://lists.debian.org/debian-security/2026/04/msg00005.html - Testing and validation of patches inside containers & debusine, incl. a
written test plan (in MR). - There’s still an (unrelated) test failure in bullseye on Debusine, that
cannot be reproduced locally and needs to be investigated. - transition of nghttp2 lts-team repositories together with @santiago
- Bullseye patches reviewed by @roucha, thanks!
Misc
- Attended the monthly LTS/ELTS team meeting.
- Prepare “LTS Security Team” => “LTS Team” transition for d/changelog NMU
- https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/33
- https://salsa.debian.org/debian/devscripts/-/merge_requests/640
Cheers,
Lukas