Monthly report about Debian Long Term Support, October 2025

The Debian LTS Team, funded by [Freexian’s Debian LTS offering] (https://www.freexian.com/lts/debian/), is pleased to report its activities for October.

Activity summary

During the month of October, 21 contributors have been paid to work on Debian LTS (links to individual contributor reports are located below).

The team released 37 DLAs fixing 893 CVEs.

The team has continued in its usual rhythm, preparing and uploading security updates targeting LTS and ELTS, as well as helping with updates to oldstable, stable, testing, and unstable. Additionally, the team received several contributions of LTS uploads from Debian Developers outside the standing LTS Team.

Notable security updates:

• https-everywhere, prepared by Markus Koschany, deals with a problem created by ownership of the https-rulesets.org domain passing to a malware operator
• openjdk-17 and openjdk-11, prepared by Emilio Pozuelo Monfort, fixes XML external entity and certificate validation vulnerabilities
• intel-microcode, prepared by Tobias Frost, fixes a variety of privilege escalation and denial of service vulnerabilities

Notable non-security updates:

• distro-info-data, prepared by Stefano Rivera, updates information concerning current and upcoming Debian and Ubuntu releases

Contributions from outside the LTS Team:

• Lukas Märdian, a Debian Developer, provided an update of log4cxx
• Andrew Ruthven, one of the request-tracker4 maintainers, provided an update of request-tracker4
• Christoph Goehre, co-maintainer of thunderbird, provided an update of thunderbird

Beyond the typical LTS updates, the team also helped the Debian community more broadly:

• Abhijith PA prepared oldstable/stable updates of libxml2, and an unstable update of libxml2.9
• Bastien Roucariès prepared oldstable/stable updates of imagemagick
• Daniel Leidert prepared an oldstable update of python-authlib, oldstable update of libcommons-lang-java and stable update of libcommons-lang3-java
• Utkarsh Gupta prepared oldstable/stable/testing/unstable updates of ruby-rack

The LTS Team is grateful for the opportunity to contribute to making LTS a high quality for sponsors and users. We are also particularly grateful for the collaboration from others outside the time; their contributions are important to the success of the LTS effort.

Individual Debian LTS contributor reports

• Abhijith PA
• Andreas Henriksson
• Andrej Shadura
• Bastien Roucariès
• Ben Hutchings
• Carlos Henrique Lima Melara
• Chris Lamb
• Daniel Leidert
• Emilio Pozuelo Monfort
• Guilhem Moulin
• Jochen Sprickerhof
• Lucas Kanashiro
• Markus Koschany
• Paride Legovini
• Roberto C. Sánchez
• Santiago Ruano Rincón
• Stefano Rivera
• Sylvain Beucler
• Thorsten Alteholz
• Tobias Frost
• Utkarsh Gupta

Thanks to our sponsors

Sponsors that joined recently are in bold.

• Platinum sponsors:
  • Toshiba Corporation (for 121 months)
  • Civil Infrastructure Platform (CIP) (for 89 months)
  • VyOS Inc (for 54 months)
• Gold sponsors:
  • F. Hoffmann-La Roche AG (for 132 months)
  • Babiel GmbH (for 115 months)
  • Plat’Home (for 115 months)
  • University of Oxford (for 72 months)
  • Deveryware (for 59 months)
  • EDF SA (for 43 months)
  • Dataport AöR (for 19 months)
  • CERN (for 16 months)
• Silver sponsors:
  • Domeneshop AS (for 136 months)
  • Nantes Métropole (for 130 months)
  • Akamai - Linode (for 126 months)
  • Univention GmbH (for 122 months)
  • Université Jean Monnet de St Etienne (for 122 months)
  • Ribbon Communications, Inc. (for 116 months)
  • Exonet B.V. (for 106 months)
  • Leibniz Rechenzentrum (for 100 months)
  • Ministère de l’Europe et des Affaires Étrangères (for 84 months)
  • Cloudways by DigitalOcean (for 73 months)
  • Dinahosting SL (for 71 months)
  • Upsun Formerly Platform.sh (for 66 months)
  • Moxa Inc. (for 60 months)
  • sipgate GmbH (for 57 months)
  • OVH US LLC (for 55 months)
  • Tilburg University (for 55 months)
  • GSI Helmholtzzentrum für Schwerionenforschung GmbH (for 47 months)
  • THINline s.r.o. (for 20 months)
  • Copenhagen Airports A/S (for 13 months)
• Bronze sponsors:
  • Evolix (for 137 months)
  • Seznam.cz, a.s. (for 137 months)
  • Linuxhotel GmbH (for 134 months)
  • Intevation GmbH (for 133 months)
  • Daevel SARL (for 132 months)
  • Megaspace Internet Services GmbH (for 131 months)
  • Greenbone AG (for 130 months)
  • NUMLOG (for 130 months)
  • WinGo AG (for 130 months)
  • Entr’ouvert (for 121 months)
  • Adfinis AG (for 119 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 113 months)
  • Tesorion (for 113 months)
  • Bearstech (for 105 months)
  • LiHAS (for 105 months)
  • Catalyst IT Ltd (for 99 months)
  • Demarcq SAS (for 93 months)
  • Université Grenoble Alpes (for 80 months)
  • TouchWeb SAS (for 72 months)
  • SPiN AG (for 68 months)
  • CoreFiling (for 64 months)
  • Institut des sciences cognitives Marc Jeannerod (for 59 months)
  • Observatoire des Sciences de l’Univers de Grenoble (for 56 months)
  • Tem Innovations GmbH (for 51 months)
  • WordFinder.pro (for 50 months)
  • CNRS DT INSU Résif (for 49 months)
  • Soliton Systems K.K. (for 44 months)
  • Alter Way (for 42 months)
  • Institut Camille Jordan (for 32 months)
  • SOBIS Software GmbH (for 16 months)
  • Tuxera Inc. (for 8 months)

par Roberto C. Sánchez 29 nov., 2025 . Tags : debian-lts, planet-debian, report , 724 Mots.