Debian LTS and ELTS report: April 2025
Hello,
I've worked during April 2025 on the below listed packages, for
Freexian LTS/ELTS [1].
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS
===
- Published DLA-4117-1 for atop/bullseye to fix CVE-2025-31160.
(https://lists.debian.org/debian-lts-announce/2025/04/msg00013.html)
ELTS
====
- Triaged CVE-2024-2398/curl and CVE-2024-8096/curl.
- Backported and tested the fixes for buster and stretch.
- Published ELA-1386-1 for curl/buster,stretch to fix CVE-2024-2398 and CVE-2024-8096.
(https://www.freexian.com/lts/extended/updates/ela-1407-1-curl/)
- Published ELA-1386-1 for atop/buster to fix CVE-2025-31160.
(https://www.freexian.com/lts/extended/updates/ela-1386-1-atop/)
Both
====
- Triaged CVE-2025-31160/atop.
- Backported and tested the fixes for bullseye and buster.
- Triaged CVE-2025-32460/graphicsmagick.
- Does not affect bullseye and older.
(https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2131e59bb768f70e794cd47aa300f14c2f85f192)
- Triaged CVE-2024-11053/curl.
- Does not affect bullseye and older.
(https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f10e119d863ce97d242080104093b9027c492600)
Tooling and Documentation
=========================
- devscripts
- Pushed Bunk's patch to bump the LTS version to bullseye in debchange (dch).
(https://salsa.debian.org/debian/devscripts/-/commit/42aa6d69f966db31e4e4d7f9b8a093f214b0af31)
- lts-team.pages.debian.net
- Clarified the information about updating package DB.
(https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/17)
- Updated debian/curl to have up-to-date ELTS branches and archived
lts-team/packages/curl.
(https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/205)
Best regards,
Charles
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors
Reply to: