I've worked during April 2026 on the below listed packages, for
Freexian LTS/ELTS

Many thanks to Freexian and sponsors for providing this 
opportunity!

LTS:
===

libstb: Worked on CVE-2023-45680 CVE-2023-45681 CVE-2023-45682
        CVE-2023-45677, CVE-2023-45676, CVE-2023-45679, CVE-2023-45678
	though fixes provided by reporter never merged upstream, but
	some embed libstb projects have merged it. Decided to wait for
        upstream confirmation.
         
calibre: Continuing work from last month, fixed CVE-2025-64486
         CVE-2026-25635 CVE-2026-25636 CVE-2026-26064 CVE-2026-26065
         tested and uploaded. Released [DLA 4554-1]. Started for SPU

ruby2.7: Fixed every pending CVEs except CVE-2025-58767, which have
         big changeset. Will see the about work around.
	 https://people.debian.org/~abhijith/upload/ruby2.7_patches/

ruby-rack: There are 13 pending CVEs, Working on SPU and OSPU first
           before LTS.
          
libexif: Reviewed patches prepared by Emmanuel.

lemonldap-ng: Re-pinged maintainer yadd. Work is upload ready, will
              upload soon
	      https://salsa.debian.org/perl-team/modules/packages/lemonldap-ng/-/tree/bullseye?ref_type=heads

ELTS:
====
This month I couldn't work on any packages for ELTS.


--

[DLA 4554-1] - https://lists.debian.org/debian-lts-announce/2026/04/msg00036.html