Monthly report about Debian Long Term Support, September 2025

Like each month, have a look at the work funded by Freexian’s Debian LTS offering.

Debian LTS contributors

In September, 20 contributors have been paid to work on Debian LTS, their reports are available:

• Abhijith PA did 10.0h (out of 10.0h assigned and 4.0h from previous period), thus carrying over 4.0h to the next month.
• Andreas Henriksson did 1.0h (out of 0.0h assigned and 20.0h from previous period), thus carrying over 19.0h to the next month.
• Bastien Roucariès did 20.0h (out of 20.0h assigned).
• Ben Hutchings did 20.0h (out of 21.0h assigned), thus carrying over 1.0h to the next month.
• Carlos Henrique Lima Melara did 10.0h (out of 12.0h assigned), thus carrying over 2.0h to the next month.
• Chris Lamb did 18.0h (out of 18.0h assigned).
• Daniel Leidert did 21.0h (out of 21.0h assigned).
• Emilio Pozuelo Monfort did 39.75h (out of 40.0h assigned), thus carrying over 0.25h to the next month.
• Guilhem Moulin did 15.0h (out of 15.0h assigned).
• Jochen Sprickerhof did 12.0h (out of 9.25h assigned and 11.75h from previous period), thus carrying over 9.0h to the next month.
• Lee Garrett did 13.5h (out of 21.0h assigned), thus carrying over 7.5h to the next month.
• Lucas Kanashiro did 8.0h (out of 20.0h assigned), thus carrying over 12.0h to the next month.
• Markus Koschany did 15.0h (out of 3.25h assigned and 17.75h from previous period), thus carrying over 6.0h to the next month.
• Paride Legovini did 6.0h (out of 8.0h assigned), thus carrying over 2.0h to the next month.
• Roberto C. Sánchez did 7.25h (out of 7.75h assigned and 13.25h from previous period), thus carrying over 13.75h to the next month.
• Santiago Ruano Rincón did 13.25h (out of 13.5h assigned and 1.5h from previous period), thus carrying over 1.75h to the next month.
• Sylvain Beucler did 17.0h (out of 7.75h assigned and 13.25h from previous period), thus carrying over 4.0h to the next month.
• Thorsten Alteholz did 21.0h (out of 21.0h assigned).
• Tobias Frost did 5.0h (out of 0.0h assigned and 8.0h from previous period), thus carrying over 3.0h to the next month.
• Utkarsh Gupta did 16.5h (out of 14.25h assigned and 6.75h from previous period), thus carrying over 4.5h to the next month.

Evolution of the situation

In September, we released 38 DLAs.

• Notable security updates:
  • modsecurity-apache prepared by Adrian Bunk, fixes a cross-site scripting vulnerability
  • cups, prepared by Thorsten Alteholz, fixes authentication bypass and denial of service vulnerabilities
  • jetty9, prepared by Adrian Bunk, fixes the MadeYouReset vulnerability (a recent, well-known denial of service vulnerability)
  • python-django, prepared by Chris Lamb, fixes a SQL injection vulnerability
  • firefox-esr and thunderbird, prepared by Emilio Pozuelo Monfort, were updated from the 128.x ESR series to the 140.x ESR series, fixing a number of vulnerabilities as well
• Notable non-security updates:
  • wireless-regdb prepared by Ben Hutchings, updates information reflecting changes to radio regulations in many countries

There was one package update contributed by a Debian Developer outside of the LTS Team: an update of node-tar-fs, prepared by Xavier Guimard (a member of the Node packaging team).

Finally, LTS Team members also contributed updates of the following packages:

• libxslt (to stable and oldstable), prepared by Guilhem Moulin, to address a regression introduced in a previous security update
• libphp-adodb (to stable and oldstable), prepared by Abhijith PA
• cups (to stable and oldstable), prepared by Thorsten Alteholz
• u-boot (to oldstable), prepared by Daniel Leidert and Jochen Sprickerhof
• libcommongs-lang3-java (to stable and oldstable), prepared by Daniel Leidert
• python-internetarchive (to oldstable), prepared by Daniel Leidert

One other notable contribution by a member of the LTS Team is that Sylvain Beucler proposed a fix upstream for CVE-2025-2760 in gimp2. Upstream no longer supports gimp2, but it is still present in Debian LTS, and so proposing this fix upstream is of benefit to other distros which may still be supporting the older gimp2 packages.

Thanks to our sponsors

Sponsors that joined recently are in bold.

• Platinum sponsors:
  • Toshiba Corporation (for 120 months)
  • Civil Infrastructure Platform (CIP) (for 88 months)
  • VyOS Inc (for 52 months)
• Gold sponsors:
  • F. Hoffmann-La Roche AG (for 130 months)
  • Akamai - Linode (for 124 months)
  • Babiel GmbH (for 114 months)
  • Plat’Home (for 113 months)
  • University of Oxford (for 70 months)
  • Deveryware (for 57 months)
  • EDF SA (for 42 months)
  • Dataport AöR (for 17 months)
  • CERN (for 15 months)
• Silver sponsors:
  • Domeneshop AS (for 135 months)
  • Nantes Métropole (for 129 months)
  • Univention GmbH (for 121 months)
  • Université Jean Monnet de St Etienne (for 121 months)
  • Ribbon Communications, Inc. (for 115 months)
  • Exonet B.V. (for 105 months)
  • Leibniz Rechenzentrum (for 99 months)
  • Ministère de l’Europe et des Affaires Étrangères (for 83 months)
  • Cloudways by DigitalOcean (for 72 months)
  • Dinahosting SL (for 70 months)
  • Platform.sh SAS (for 64 months)
  • Moxa Inc. (for 58 months)
  • sipgate GmbH (for 56 months)
  • OVH US LLC (for 54 months)
  • Tilburg University (for 54 months)
  • GSI Helmholtzzentrum für Schwerionenforschung GmbH (for 45 months)
  • THINline s.r.o. (for 18 months)
  • Copenhagen Airports A/S (for 12 months)
• Bronze sponsors:
  • Evolix (for 135 months)
  • Seznam.cz, a.s. (for 135 months)
  • Intevation GmbH (for 132 months)
  • Linuxhotel GmbH (for 132 months)
  • Daevel SARL (for 131 months)
  • Megaspace Internet Services GmbH (for 130 months)
  • Greenbone AG (for 129 months)
  • NUMLOG (for 129 months)
  • WinGo AG (for 128 months)
  • Entr’ouvert (for 120 months)
  • Adfinis AG (for 117 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 112 months)
  • Tesorion (for 112 months)
  • Bearstech (for 103 months)
  • LiHAS (for 103 months)
  • Catalyst IT Ltd (for 98 months)
  • Demarcq SAS (for 92 months)
  • Université Grenoble Alpes (for 78 months)
  • TouchWeb SAS (for 70 months)
  • SPiN AG (for 67 months)
  • CoreFiling (for 63 months)
  • Institut des sciences cognitives Marc Jeannerod (for 58 months)
  • Observatoire des Sciences de l’Univers de Grenoble (for 54 months)
  • Tem Innovations GmbH (for 49 months)
  • WordFinder.pro (for 48 months)
  • CNRS DT INSU Résif (for 47 months)
  • Soliton Systems K.K. (for 42 months)
  • Alter Way (for 40 months)
  • Institut Camille Jordan (for 30 months)
  • SOBIS Software GmbH (for 15 months)
  • Tuxera Inc. (for 6 months)

by Roberto C. Sánchez 13 Oct, 2025 . Tags : <a href="/tags/debian-lts/">debian-lts</a>, <a href="/tags/planet-debian/">planet-debian</a>, <a href="/tags/report/">report</a> , 991 Words.