Debian LTS and ELTS report: September 2025

To: debian-lts@lists.debian.org
Subject: Debian LTS and ELTS report: September 2025
From: Carlos Henrique Lima Melara <charles@debian.org>
Date: Thu, 2 Oct 2025 00:14:01 -0300
Message-id: <[🔎] ze264lr3qky2byhhv3nqfcky2dz25ztk67yvywfnvlo3smhsar@evejgk7h3oza>

Hi,

I've worked during September 2025 on the below listed packages, for
Freexian LTS/ELTS [1].

Many thanks to Freexian and sponsors [2] for providing this opportunity!

LTS
===

- Triaged varnish's CVE-2025-8671.
  (https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/247)
- Started to work on gdk-pixbuf's CVE-2025-7345.
  (https://security-tracker.debian.org/tracker/CVE-2025-7345)


ELTS
====

- Worked on openvpn to backport and test the fixes for CVE-2022-0547 and
  CVE-2024-5594 in buster and stretch
- Published ELA-1518-1 for openvpn/buster to fix CVE-2022-0547 and CVE-2025-5594.
  (https://www.freexian.com/lts/extended/updates/ela-1518-1-openvpn/)
- Published ELA-1519-1 for openvpn/stretch to fix CVE-2025-5594.
  (https://www.freexian.com/lts/extended/updates/ela-1519-1-openvpn/)


Tooling, Documentation  and Misc
================================

- Attended (E)LTS meeting
- Updated a paragraph in ELTS documentation about source uploads.


Best regards,
Charles

[1]  https://www.freexian.com/lts/
[2]  https://www.freexian.com/lts/debian/#sponsors

Reply to:

Prev by Date: E?LTS report
Next by Date: Debian LTS and ELTS report for September 2025
Previous by thread: E?LTS report
Next by thread: Debian LTS and ELTS report: September 2025
Index(es):
- Date
- Thread