(E)LTS report for June 2025 bookworm/trixie/sid: cjson: - Uploaded an NMU fixing CVE-2023-26819 in unstable. - Submitted a package fixing CVE-2023-26819 and CVE-2023-53154 in the next bookworm point release. icu: - Provided the package for DSA-5951-1, fixing CVE-2025-5222. node-tar-fs: - Submitted a package fixing CVE-2025-3818 in the next bookworm point release. rar: - Submitted a package fixing CVE-2024-33899 in the next bookworm point release. LTS: catdoc: - Released DLA-4234-1, fixing CVE-2024-48877, CVE-2024-52035 and CVE-2024-54028. cjson: - Released DLA-4216-1, fixing CVE-2023-26819 and CVE-2023-53154. gdk-pixbuf: - Released DLA-4225-1, fixing CVE-2025-6199. gst-plugins-bad1.0: - Released DLA-4219-1, fixing CVE-2025-3887. icinga2: - Determined that CVE-2025-48057 does not affect the binaries in bookworm or bullseye. icu: - Made failures in the i386 build time tests fatal. - Released DLA-4217-1, fixing CVE-2025-5222. modsecurity-apache: - Did the upload and release paperwork for DLA-4212-1, the fix for CVE-2025-48866 was provided by the maintainer. node-send: - Released DLA-4224-1, fixing CVE-2024-43799. node-serialize-javascript: - Determined that CVE-2024-11831 (sole unfixed CVE) does not affect bullseye. node-tar-fs: - Released DLA-4214-1, fixing CVE-2024-12905 and CVE-2025-48387. ELTS: catdoc: - Released ELA-1474-1, fixing CVE-2024-48877, CVE-2024-52035 and CVE-2024-54028 in buster and stretch. gdk-pixbuf: - Determined that CVE-2025-6199 does not affect buster, stretch or jessie. gst-plugins-bad1.0: - Released ELA-1464-1, fixing CVE-2025-3887 in buster and stretch. icinga2: - Determined that CVE-2025-48057 does not affect the binaries in buster or stretch. icu: - Fixed the autopkgtest in buster and stretch. - Released ELA-1461-1, fixing CVE-2025-5222 in buster, stretch and jessie. libfile-find-rule-perl: - Released ELA-1449-1, fixing CVE-2011-10007 in buster and stretch. libheif: - Determined that CVE-2020-19499 does not affect buster. libpgjava: - Determined that CVE-2025-49146 does not affect buster, stretch or jessie. modsecurity-apache: - Released ELA-1453-1, fixing CVE-2025-48866 in buster, stretch and jessie. rar: - Released ELA-1478-1, fixing CVE-2024-33899 in stretch.