I've worked during August 2025 on the below listed packages, for
Freexian LTS/ELTS

Many thanks to Freexian and sponsors for providing this 
opportunity!

LTS/ELTS:
===

* nextcloud-desktop: There were 12 open CVEs. I've reproduced
  CVE-2022-39331 CVE-2022-39332 CVE-2022-39333 for bullseye based on
  the available reproducer and prepared fix for CVE-2022-39331
  CVE-2022-39332 CVE-2022-39333 and CVE-2022-39334 and CVE-2023-28997.

  I've marked CVE-2022-41882 as <not-affected> for bullseye. Also
  marked CVE-2023-23942 CVE-2023-28999 CVE-2024-52510 as ignored
  because of e2ee patches which are intrusive to backport.
  CVE-2023-29000 and CVE-2023-28998 are pending for marking ignored.
  
  https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b07695bee7363639c7cc920599b8331fe34c98cc
  https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48227ab486ce0294f10267ee3e3b947a74365894
  https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/444c1340ebf5059f2eeadce03f96cbbf342aa5ab

* libphp-adodb: Preparing fix for CVE-2025-54119 for bullseye and SPU.

---