Debian LTS and ELTS report: May 2025
Hello,
I've worked during May 2025 on the below listed packages, for
Freexian LTS/ELTS [1].
Many thanks to Freexian and sponsors [2] for providing this opportunity!

LTS
===
- Published DLA-4159-1 for postgresql-13/bullseye to fix CVE-2025-4207.
  (https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html)
- Triaged CVE-2025-48174/libavif and CVE-2025-48175/libavif
  - Backported and tested the fixes for bullseye.
  - Published DLA-4179-1 for libavif/bullseye to fix CVE-2025-4207.
    (https://lists.debian.org/debian-lts-announce/2025/05/msg00031.html)
- Triaged CVE-2025-4598/systemd
  - Started to backport and test the fix for bullseye.

ELTS
====
- Triaged CVE-2023-27534/curl, CVE-2023-28321/curl and CVE-2023-28322/curl.
  - Backported and tested the fixes for jessie.
  - One remaining regression to fix before releasing the ELA:
    - Fix for CVE-2023-27534 must allow sftp://host/~ as reported and fixed in
      https://github.com/curl/curl/commit/91b53efa4b6854dc3688f55bfb329b0cafcf5325

Tooling and Documentation
=========================
- Set up debusine for LTS and ELTS uploads
  - Tested with curl upload to jessie and libavif to bullseye
- Improved LTS documentation on ASAN and UBSAN.
  (https://salsa.debian.org/lts-team/lts-team.pages.debian.net/-/merge_requests/19)
- Attended (E)LTS meeting
Best regards,
Charles
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors