# April 2026

During this month, I have worked on the following tasks for Debian LTS and ELTS.
Thanks to Freexian and sponsors for making this possible [0].

## nghttp2

- Investigated CVE-2026-27135 for trixie, bookworm, bullseye, buster & stretch
  * preparing backports for E/LTS,
    https://salsa.debian.org/lts-team/packages/nghttp2/-/merge_requests/{1,2,3}
  * preparing backports for the security team,
    https://salsa.debian.org/debian/nghttp2/-/merge_requests/{11,12}
  * Ongoing coordination with security team and upstream maintainer,
    https://lists.debian.org/debian-security/2026/04/msg00005.html
- Testing and validation of patches inside containers & debusine, incl. a
  written test plan (in MR).
  * There's still an (unrelated) test failure in bullseye on Debusine, that
    cannot be reproduced locally and needs to be investigated.
- transition of nghttp2 lts-team repositories together with @santiago
- Bullseye patches reviewed by @roucha, thanks!

## Misc
- Attended the monthly LTS/ELTS team meeting.
- Prepare "LTS Security Team" => "LTS Team" transition for d/changelog NMU
  * https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/33
  * https://salsa.debian.org/debian/devscripts/-/merge_requests/640

Cheers,
  Lukas

[0] https://www.freexian.com/lts/debian/#sponsors