I've worked during May 2026 on the below listed packages, for
Freexian LTS/ELTS

Many thanks to Freexian and sponsors for providing this 
opportunity!

LTS:
===

ruby-rack: Prepared update fixing 12 CVEs for both trixie and bookworm.
           Except CVE-2026-26962, for which I have asked clarity from
	   upstream.
	   https://lists.debian.org/debian-lts/2026/05/msg00013.html
	   https://lists.debian.org/debian-lts/2026/05/msg00024.html

xrdp: Added all upstream fixes related to CVEs to security-tracker.
      Fixed all pending CVEs, except CVE-2026-32107, CVE-2026-33145
      and CVE-2026-35512.

lemonldap-ng: Uploaded package fixing 3 CVEs. Fixed prepared by
              maintainer yadd. Released [DLA 4602-1] 

calibre: Worked on SPU. Fortunately, maintainer uploaded new updates
         to PU fixing most of the issues. Working on backporting other
         pending fixes to bullseye LTS.

ruby2.7: Continuing my work on CVE-2025-58767 from previous month.


ELTS:
====
This month I couldn't work on any packages for ELTS.


--

[DLA 4602-1] - https://lists.debian.org/debian-lts-announce/2026/05/msg00050.html