Debian LTS and ELTS report: November 2025
Hi,
This is summary on the work I did for Debian LTS and ELTS in November
2025. Thanks to Freexian and sponsors for making this possible [0].
### LTS work
- CVE-2025-64181/openexr: verified that bullseye is not affected, and
mark it as such.
- Joined the Python Team to maintain LTS uploads there.
- python-gevent: Configured git branches and Salsa CI for LTS uploads.
Backported upstream fix CVE-2023-41419, including tests. The bullseye
package does not run tests at package build time. I had to modify the
packaging to run them. The testsuite does not run cleanly on Debian
(this is know), but I was able to verify that the newly added tests all
pass. As I didn’t get to a clean pass I didn’t commit these changes.
This step took most time while working at CVE-2023-41419. Released
DLA-4377-1.
- samba: Backport upstream fix and tests for CVE-2025-9640. Fixed Salsa
CI pipeline. Performed testing, keeping in mind the package is
high-popcon. Released DLA-4384-1.
- sogo: Backported upstream fix for CVE-2025-63498. Released DLA-4386-1.
Reached out the the Maintainers about repo location for LTS uploads.
- Attended the monthly IRC meeting.
### ELTS work
- CVE-2025-64181/openexr: verify that buster and stretch are not
affected, and mark them as such.
- CVE-2023-41419/python-gevent: I backported the Bullseye fixes to both
Buster and Stretch, but I was not able to run the package test suite
yet, despite spending quite some time on it. I do not feel confident
releasing ELAs without test runs. I’ll carry over to next month. NOTEs
are updated accordingly.
Cheers,
Paride
[0] https://www.freexian.com/lts/debian/#sponsors
Reply to: