Debian LTS and ELTS report for January 2026 (charles)
I've worked during January 2026 on the below listed packages, for
Freexian LTS/ELTS [1].
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS
===
- Published DLA-4440-1 for ffmpeg/bullseye to fix CVE-2023-6603,
  CVE-2024-36615, CVE-2025-1594, CVE-2025-7700, CVE-2025-9951,
  CVE-2025-10256 and CVE-2025-63757.
  (https://lists.debian.org/debian-lts-announce/2026/01/msg00011.html)
  - The fixes were submitted upstream and merged in the 4.3 lts
    branch!
    (https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21275)
  - Finished investigating a possible regression spotted by debusine
    before releasing the DLA. lebiniou's (reverse dependency)
    autopkgtest was failing for i386, but it wasn't reproducible
    locally.
    (https://debusine.debian.net/debian/developers/work-request/338625/)
- Published DLA-4432-1 for curl/bullseye to fix CVE-2025-9086.
  (https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html)
  - It was later discovered the CVE actually didn't affect bookworm
    and older, so it was just a minor bugfix. Nonetheless, the
    security-tracker was updated to reflect the CVE doesn't affect
    bullseye.
    (https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ab52126db12b14182d36dda188900b0a98cab49)
ELTS
====
- Started to work on ffmpeg for buster to fix pending CVEs.
  - Fixed Freexian's git fork history by re-importing previous Debian
    releases of ffmpeg.
    (https://lists.debian.org/debian-lts/2026/01/msg00023.html)
Tooling, Documentation and Misc
================================
- Attended (E)LTS meeting.
Best regards,
Charles
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors