I've worked during October 2025 on the below listed packages, for
Freexian LTS/ELTS

Many thanks to Freexian and sponsors for providing this 
opportunity!

LTS:
===

 * ghostscript: Released DLA 4330-1[1] fixing CVE-2025-7462
   		CVE-2025-59798 CVE-2025-59799

 * lemonldap-ng: Backporting CVE-2024-52948. The changeset is large.

 * php-league-commonmark: Marked CVE-2025-46734 as ignored for
                          bullseye. Reason in commit
			  https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e01729e21bbe74832cccfbbb4aa41418e0de0b43

 * libphp-adodb: Reviewed 5.20.19-1+deb11u3 uploaded by Bastien
   		 Roucariès <rouca@debian.org>. Rouca also noticed that
   		 sqlite along with sqlite3 driver was vulnerable. I
   		 have refreshed my fixes provided for stable-PU and
   		 old stable-PUs. #1116015, #1116017

 * ruby-saml: Prepared a patch fixing CVE-2025-25291, CVE-2025-25292,
    	      CVE-2025-25293, CVE-2025-54572.
	      But reverse build-depend ruby-omniauth-saml currently
    	      failing.


misc
====
 * nova: Filed #1118106. Homepage URL gives 404
 

ELTS:
====
This month I couldn't work on any packages for ELTS.

---
[1] - https://lists.debian.org/debian-lts-announce/2025/10/msg00010.html