Debian LTS and ELTS report: August 2025
Hi,
This is a summary of the work I did for Debian LTS and ELTS in February
2025. Thanks to Freexian and sponsors for making this possible [0].
Debian LTS
==========
* Investigated sqlite3 for CVE-2025-43967. Conclusion was that Bullseye
is not affected; marked as such in the security tracker.
* Investigated libsndfile for CVE-2025-52194, and eventually postponed
the fix for Bullseye. Rationale in dcdd57c26 commit message.
* Investigated for CVE-2022-33065 and CVE-2024-50612, for which fixes
were pending in Bookworm p-u. Joined the relevant Debian team, created
LTS branch, enabled CI, backported fixes, tested fixes, and eventually
released DLA-4287-1.
Debian ELTS
===========
* After investigation, marked Buster and Stretch not-affected by
CVE-2025-43967/sqlite3. See also related LTS work.
Tooling
=======
Fixed src:autopkgtest bug that caused some autopkgtest-build-* to
configure archive.debian.org as the mirror for Bullseye, instead of
using the official Debian mirrors while on LTS support. See [1].
Cheers,
Paride
[0] https://www.freexian.com/lts/debian/#sponsors
[1] https://salsa.debian.org/ci-team/autopkgtest/-/merge_requests/594