(E)LTS report for July 2025


bookworm/trixie/sid:

commons-beanutils:
- Uploaded an NMU fixing CVE-2025-48734 in unstable and trixie.
- Submitted a package fixing CVE-2025-48734 in the next bookworm
  point release.

djvulibre:
- Uploaded an NMU fixing CVE-2021-46310 and CVE-2021-46312
  in unstable and trixie.
- Submitted a package fixing CVE-2021-46310 and CVE-2021-46312
  in the next bookworm point release.

ffmpeg:
- Determined that CVE-2023-6602, CVE-2023-6604 and CVE-2023-6605
  were already fixed in trixie.

git:
- Determined that CVE-2025-48386 does not affect the binaries
  in Debian.
- Submitted a package fixing CVE-2025-27613, CVE-2025-27614,
  CVE-2025-46835, CVE-2025-48384 and CVE-2025-48385 in trixie.


LTS:

batik:
- Released DLA-4243-1, fixing CVE-2020-11987, CVE-2022-38398,
  CVE-2022-38648 and CVE-2022-40146.

djvulibre:
- Released DLA-4247-1, fixing CVE-2021-46310, CVE-2021-46312
  and CVE-2025-53367.

ffmpeg:
- Released DLA-4241-1, fixing CVE-2023-6601, CVE-2023-6602,
  CVE-2023-6604 and CVE-2023-6605.

thunderbird:
- Did the release paperwork for DLA-4239-1, the update fixing
  CVE-2025-5986, CVE-2025-6424, CVE-2025-6425, CVE-2025-6429
  and CVE-2025-6430 was provided by the maintainer.

xmedcon:
- Released DLA-4237-1, fixing CVE-2025-2581.


ELTS:

commons-beanutils:
- Released ELA-1482-1, fixing CVE-2025-48734.

dcmtk:
- Released ELA-1484-1, fixing CVE-2022-2119, CVE-2022-2120,
  CVE-2025-2357, CVE-2025-25472, CVE-2025-25474 and CVE-2025-25475
  in buster and stretch.

djvulibre:
- Determined that CVE-2021-46310 was already fixed in buster,
  stretch and jessie.
- Released ELA-1485-1, fixing CVE-2021-46312 and CVE-2025-53367
  in buster and stretch.

freerdp2:
- Released ELA-1483-1, fixing CVE-2022-24882, CVE-2022-39320,
  CVE-2024-22211, CVE-2024-32039, CVE-2024-32040, CVE-2024-32041,
  CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32658,
  CVE-2024-32659, CVE-2024-32660 and CVE-2024-32661 in buster.

git:
- Determined that CVE-2025-27614 does not affect buster or stretch.