Debian LTS and ELTS report for November 2025 (charles)
I've worked during November 2025 on the below listed packages, for
Freexian LTS/ELTS [1].
Many thanks to Freexian and sponsors [2] for providing this opportunity!
LTS
===
- Published DLA-4367-1 for keystone/bullseye to fix CVE-2025-65073 and
the accompaining fix for swift (DLA-4366-1) to work with the updated
keystone package.
(https://lists.debian.org/debian-lts-announce/2025/11/msg00010.html)
(https://lists.debian.org/debian-lts-announce/2025/11/msg00009.html)
- Zigo prepared, tested and uploaded the fixes (thanks!), I just did
the paperwork.
- Started to work on ffmpeg for bullseye to fix pending CVEs.
ELTS
====
- Worked on gdk-pixbuf's CVE-2025-7345/buster,stretch.
- Finished testing and final touches before publishing the ELA.
- Published ELA-1570-1 for gdk-pixbuf/buster,stretch to fix CVE-2025-7345.
(https://www.freexian.com/lts/extended/updates/ela-1570-1-gdk-pixbuf/)
- Started to work on ffmpeg for buster/stretch to fix pending CVEs.
Tooling, Documentation and Misc
================================
- Attended (E)LTS meeting partially.
- Filled gdk-pixbuf's bookworm-pu to fix CVE-2025-7345 (#1121041).
(https://bugs.debian.org/1121041)
- Explored and documented how to create incus ELTS VM images. Drafted a
detailed blog post, but it needs to be condesated (a lot) to go to
lts-team website in the technical workflows.
(https://github.com/charles2910/charles2910.github.io/blob/draft/post-about-incus-elts-vms/_posts/2025-11-05-elts-incus-vm-images.md)
- Prepared a list of the packages to migrate from lts-team/packages to
openstack-team group on salsa.
(https://salsa.debian.org/lts-team/lts-extra-tasks/-/work_items/99)
- Documented extra steps when releasing a DLA for a vulnerability
without a CVE assignment.
(https://salsa.debian.org/lts-team/lts-extra-tasks/-/work_items/100)
Best regards,
Charles
[1] https://www.freexian.com/lts/
[2] https://www.freexian.com/lts/debian/#sponsors
Reply to: