Monthly report about Debian Long Term Support, April 2025

Like each month, have a look at the work funded by Freexian’s Debian LTS offering.

Debian LTS contributors

In April, 22 contributors have been paid to work on Debian LTS, their reports are available:

• Adrian Bunk did 56.25h (out of 56.25h assigned).
• Andreas Henriksson did 15.0h (out of 20.0h assigned), thus carrying over 5.0h to the next month.
• Andrej Shadura did 10.0h (out of 6.0h assigned and 4.0h from previous period).
• Bastien Roucariès did 31.5h (out of 31.5h assigned).
• Ben Hutchings did 8.0h (out of 0.0h assigned and 12.0h from previous period), thus carrying over 4.0h to the next month.
• Carlos Henrique Lima Melara did 11.0h (out of 12.0h assigned), thus carrying over 1.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Daniel Leidert did 26.0h (out of 26.0h assigned).
• Emilio Pozuelo Monfort did 30.0h (out of 39.25h assigned and 0.25h from previous period), thus carrying over 9.5h to the next month.
• Guilhem Moulin did 8.5h (out of 3.25h assigned and 11.75h from previous period), thus carrying over 6.5h to the next month.
• Jochen Sprickerhof did 12.5h (out of 20.75h assigned and 9.25h from previous period), thus carrying over 17.5h to the next month.
• Lee Garrett did 26.25h (out of 7.75h assigned and 31.75h from previous period), thus carrying over 13.25h to the next month.
• Lucas Kanashiro did 50.0h (out of 0.0h assigned and 52.0h from previous period), thus carrying over 2.0h to the next month.
• Markus Koschany did 39.5h (out of 39.5h assigned).
• Roberto C. Sánchez did 9.0h (out of 0.0h assigned and 12.0h from previous period), thus carrying over 3.0h to the next month.
• Santiago Ruano Rincón did 12.5h (out of 7.5h assigned and 7.5h from previous period), thus carrying over 2.5h to the next month.
• Sean Whitton did 7.0h (out of 7.0h assigned).
• Stefano Rivera did 0.5h (out of 0.0h assigned and 10.0h from previous period), thus carrying over 9.5h to the next month.
• Sylvain Beucler did 39.5h (out of 39.25h assigned and 0.25h from previous period).
• Thorsten Alteholz did 15.0h (out of 15.0h assigned).
• Tobias Frost did 12.0h (out of 7.75h assigned and 4.25h from previous period).
• Utkarsh Gupta did 2.0h (out of 2.0h assigned).

Evolution of the situation

In April, we released 46 DLAs.

• Notable security updates:
  • jetty9, prepared by Markus Koschany, fixes an information disclosure and potential remote code execution vulnerability
  • zabbix, prepared by Tobias Frost, fixes several vulnerabilities, encompassing denial of service, information disclosure or remote code inclusion
  • glibc, prepared by Sean Whitton, fixes a buffer overflow vulnerability
• Notable non-security updates:
  • tzdata, prepared by Emilio Pozuelo Monfort, brings the latest timezone database release
  • php-horde-editor and php-horde-imp, prepared by Sylvain Beucler, have been updated to switch from CKEditor v3, which is EOL, to CKEditor v4; this builds upon work done last month by Sylvain and Bastien for the complete removal of ckeditor3
  • distro-info-data, prepared by Stefano Rivera, adds information concerning future Debian and Ubuntu releases

The LTS team continues to welcome the collaboration of maintainers and other interested parties from outside the regular team. In April, we had external updates contributed by: Yadd - lemonldap-ng and Moritz Schlarb - libapache2-mod-auth-openidc

A point release of the current stable Debian 12 (codename “bookworm”) is planned for mid-May and several LTS contributors have prepared packages for this update, many of them prepared in conjunction with related LTS updates of the same packages:

• glib2.0, haproxy, imagemagick, poppler, and python-h11, prepared by Adrian Bunk
• rubygems, prepared by Lucas Kanashiro
• ruby3.1 (in collaboration with Lucas Kanashiro), twitter-bootstrap3, twitterboot-strap4, wpa, and erlang, prepared by Bastien Roucariès (corresponding updates of twitter-bootstrap3 and twitter-bootstrap4 were also uploaded to Debian unstable)
• abseil, prepared by Tobias Frost (a corresponding update was also uploaded to Debian unstable)
• vips, prepared by Guilhem Moulin

Additional updates of ruby3.3 and rubygems were prepared for Debian unstable by Lucas Kanashiro.

And finally, a highlight of our continued commitment to enhancing long term support efforts in upstream projects. Freexian, as the primary entity behind the management and execution of the LTS project, has partnered with Invisible Things Lab to extend the upstream security support of Xen 4.17, which is shipped in Debian 12 “bookworm” (the current stable release). This partnership will result in significantly improved lifecycle support for users of Xen on bookworm, and members of the LTS team will play a part in this endeavour. The Freexian announcement has additional details.

Thanks to our sponsors

Sponsors that joined recently are in bold.

• Platinum sponsors:
  • Toshiba Corporation (for 115 months)
  • Civil Infrastructure Platform (CIP) (for 83 months)
  • VyOS Inc (for 47 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 125 months)
  • Akamai - Linode (for 120 months)
  • Babiel GmbH (for 109 months)
  • Plat’Home (for 108 months)
  • University of Oxford (for 65 months)
  • Deveryware (for 53 months)
  • EDF SA (for 37 months)
  • Dataport AöR (for 12 months)
  • CERN (for 10 months)
• Silver sponsors:
  • Domeneshop AS (for 130 months)
  • Nantes Métropole (for 124 months)
  • Univention GmbH (for 116 months)
  • Université Jean Monnet de St Etienne (for 116 months)
  • Ribbon Communications, Inc. (for 110 months)
  • Exonet B.V. (for 100 months)
  • Leibniz Rechenzentrum (for 94 months)
  • Ministère de l’Europe et des Affaires Étrangères (for 78 months)
  • Cloudways by DigitalOcean (for 67 months)
  • Dinahosting SL (for 65 months)
  • Bauer Xcel Media Deutschland KG (for 59 months)
  • Platform.sh SAS (for 59 months)
  • Moxa Inc. (for 53 months)
  • sipgate GmbH (for 51 months)
  • OVH US LLC (for 49 months)
  • Tilburg University (for 49 months)
  • GSI Helmholtzzentrum für Schwerionenforschung GmbH (for 40 months)
  • THINline s.r.o. (for 13 months)
  • Copenhagen Airports A/S (for 7 months)
• Bronze sponsors:
  • Seznam.cz, a.s. (for 131 months)
  • Evolix (for 130 months)
  • Intevation GmbH (for 127 months)
  • Linuxhotel GmbH (for 127 months)
  • Daevel SARL (for 126 months)
  • Bitfolk LTD (for 125 months)
  • Megaspace Internet Services GmbH (for 125 months)
  • Greenbone AG (for 124 months)
  • NUMLOG (for 124 months)
  • WinGo AG (for 123 months)
  • Entr’ouvert (for 115 months)
  • Adfinis AG (for 112 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 107 months)
  • Tesorion (for 107 months)
  • Bearstech (for 98 months)
  • LiHAS (for 98 months)
  • Catalyst IT Ltd (for 93 months)
  • Supagro (for 88 months)
  • Demarcq SAS (for 87 months)
  • Université Grenoble Alpes (for 73 months)
  • TouchWeb SAS (for 65 months)
  • SPiN AG (for 62 months)
  • CoreFiling (for 58 months)
  • Institut des sciences cognitives Marc Jeannerod (for 53 months)
  • Observatoire des Sciences de l’Univers de Grenoble (for 49 months)
  • Tem Innovations GmbH (for 44 months)
  • WordFinder.pro (for 44 months)
  • CNRS DT INSU Résif (for 42 months)
  • Soliton Systems K.K. (for 38 months)
  • Alter Way (for 35 months)
  • Institut Camille Jordan (for 25 months)
  • SOBIS Software GmbH (for 10 months)
  • Tuxera Inc.

by Roberto C. Sánchez 16 May, 2025 . Tags : debian-lts, planet-debian, report , 1098 Words.