Monthly report about Debian Long Term Support, August 2025

Like each month, have a look at the work funded by Freexian’s Debian LTS offering.

Debian LTS contributors

In August, 21 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 10.0h (out of 0.0h assigned and 14.0h from previous period), thus carrying over 4.0h to the next month.
• Andrej Shadura did 12.0h (out of 9.0h assigned and 3.0h from previous period).
• Bastien Roucariès did 20.0h (out of 19.75h assigned and 0.25h from previous period).
• Ben Hutchings did 22.75h (out of 16.5h assigned and 6.25h from previous period).
• Carlos Henrique Lima Melara did 10.0h (out of 10.0h assigned).
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Daniel Leidert did 23.25h (out of 23.25h assigned).
• Emilio Pozuelo Monfort did 23.25h (out of 23.25h assigned).
• Guilhem Moulin did 15.0h (out of 15.0h assigned).
• Jochen Sprickerhof did 11.0h (out of 6.0h assigned and 16.75h from previous period), thus carrying over 11.75h to the next month.
• Lee Garrett did 16.25h (out of 0.0h assigned and 16.25h from previous period).
• Lucas Kanashiro did 20.0h (out of 1.25h assigned and 18.75h from previous period).
• Markus Koschany did 5.0h (out of 13.0h assigned and 9.75h from previous period), thus carrying over 17.75h to the next month.
• Paride Legovini did 8.0h (out of 0.0h assigned and 8.0h from previous period).
• Roberto C. Sánchez did 7.5h (out of 11.75h assigned and 11.0h from previous period), thus carrying over 15.25h to the next month.
• Santiago Ruano Rincón did 13.5h (out of 7.25h assigned and 7.75h from previous period), thus carrying over 1.5h to the next month.
• Stefano Rivera did 0.5h (out of 0.0h assigned and 3.0h from previous period), thus carrying over 2.5h to the next month.
• Sylvain Beucler did 10.0h (out of 23.25h assigned), thus carrying over 13.25h to the next month.
• Thorsten Alteholz did 22.75h (out of 22.75h assigned).
• Tobias Frost did 4.0h (out of 0.0h assigned and 12.0h from previous period), thus carrying over 8.0h to the next month.
• Utkarsh Gupta did 16.0h (out of 22.75h assigned), thus carrying over 6.75h to the next month.

Evolution of the situation

In August, we released 27 DLAs.

The month of August marked the release of Debian 13 (codename “trixie”). This is worth noting because it brought with it the return of the customary fast development pace of Debian unstable, which included several contributions from LTS Team members. More on that below.

Of the many security updates which were published (and a few non-security updates as well), some notable ones are highlighted here.

• Notable security updates:
  • gnutls28 prepared by Adrian Bunk, fixes several potential denial of service vulnerabilities
  • apache2, prepared by Bastien Roucariès, fixes several vulnerabilities including a potential denial of service and SSL/TLS-related access control
  • mbedtls (original update, regression update) prepared by Andrej Shadura, fixes several potential denial of service and information disclosure vulnerabilities
  • openjdk-17, prepared by Emilio Pozuelo Monfort, fixes several vulnerabilities which could result in denial of service, information disclosure or weakened TLS connections
• Notable non-security updates:
  • distro-info-data, prepared by Stefano Rivera, adds information concerning future Debian and Ubuntu releases
  • ca-certificates-java, prepared by Bastien Roucariès, fixes some bugs which could disrupt future updates

The LTS Team continues to welcome the collaboration of maintainers from across the Debian community. The contributions of maintainers from outside the LTS Team include: postgresql-13 (Christoph Berg), sope (Jordi Mallach), thunderbird (Carsten Schoenert), and iperf3 (Roberto Lumbreras).

Finally, LTS Team members also contributed updates of the following packages:

• redis (to stable), prepared by Chris Lamb
• firebird3.0 (to oldstable and stable), prepared by Adrian Bunk
• node-tmp (to oldstable, stable, and unstable), prepared by Adrian Bunk
• openjpeg2 (to oldstable, stable, and unstable), prepared by Adrian Bunk
• apache2 (to oldstable), prepared by Bastien Roucariès
• unbound (to oldstable), prepared by Guilhem Moulin
• luajit (to oldstable), prepared by Guilhem Moulin
• golang-github-gin-contrib-cors (to oldstable and stable), prepared by Thorsten Alteholz
• libcoap3 (to stable), prepared by Thorsten Alteholz
• libcommons-lang-java and libcommons-lang3-java (both to unstable), prepared by Daniel Leidert
• python-flask-cors (to oldstable), prepared by Daniel Leidert

The LTS Team would especially like to thank our many longtime friends and sponsors for their support and collaboration.

Thanks to our sponsors

Sponsors that joined recently are in bold.

• Platinum sponsors:
  • Toshiba Corporation (for 119 months)
  • Civil Infrastructure Platform (CIP) (for 87 months)
  • VyOS Inc (for 51 months)
• Gold sponsors:
  • F. Hoffmann-La Roche AG (for 129 months)
  • Akamai - Linode (for 123 months)
  • Babiel GmbH (for 113 months)
  • Plat’Home (for 112 months)
  • University of Oxford (for 69 months)
  • Deveryware (for 56 months)
  • EDF SA (for 41 months)
  • Dataport AöR (for 16 months)
  • CERN (for 14 months)
• Silver sponsors:
  • Domeneshop AS (for 134 months)
  • Nantes Métropole (for 128 months)
  • Univention GmbH (for 120 months)
  • Université Jean Monnet de St Etienne (for 120 months)
  • Ribbon Communications, Inc. (for 114 months)
  • Exonet B.V. (for 103 months)
  • Leibniz Rechenzentrum (for 98 months)
  • Ministère de l’Europe et des Affaires Étrangères (for 81 months)
  • Cloudways by DigitalOcean (for 71 months)
  • Dinahosting SL (for 69 months)
  • Platform.sh SAS (for 63 months)
  • Moxa Inc. (for 57 months)
  • sipgate GmbH (for 55 months)
  • OVH US LLC (for 53 months)
  • Tilburg University (for 53 months)
  • GSI Helmholtzzentrum für Schwerionenforschung GmbH (for 44 months)
  • THINline s.r.o. (for 17 months)
  • Copenhagen Airports A/S (for 11 months)
• Bronze sponsors:
  • Evolix (for 134 months)
  • Seznam.cz, a.s. (for 134 months)
  • Intevation GmbH (for 131 months)
  • Linuxhotel GmbH (for 131 months)
  • Daevel SARL (for 130 months)
  • Megaspace Internet Services GmbH (for 129 months)
  • Greenbone AG (for 128 months)
  • NUMLOG (for 128 months)
  • WinGo AG (for 127 months)
  • Entr’ouvert (for 118 months)
  • Adfinis AG (for 116 months)
  • Tesorion (for 111 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 110 months)
  • Bearstech (for 102 months)
  • LiHAS (for 102 months)
  • Catalyst IT Ltd (for 97 months)
  • Demarcq SAS (for 91 months)
  • Université Grenoble Alpes (for 77 months)
  • TouchWeb SAS (for 69 months)
  • SPiN AG (for 66 months)
  • CoreFiling (for 62 months)
  • Institut des sciences cognitives Marc Jeannerod (for 57 months)
  • Observatoire des Sciences de l’Univers de Grenoble (for 53 months)
  • Tem Innovations GmbH (for 48 months)
  • WordFinder.pro (for 47 months)
  • CNRS DT INSU Résif (for 46 months)
  • Soliton Systems K.K. (for 41 months)
  • Alter Way (for 39 months)
  • Institut Camille Jordan (for 29 months)
  • SOBIS Software GmbH (for 14 months)
  • Tuxera Inc. (for 5 months)

by Roberto C. Sánchez 11 Sep, 2025 . Tags : debian-lts, planet-debian, report , 1039 Words.