(E)LTS report for August 2025


bookworm/trixie/sid:

firebird3.0:
- Submitted a package fixing  in the next trixie
  point release.
- Submitted a package fixing  in the next bookworm
  point release.

node-tmp:
- Uploaded an NMU fixing CVE-2025-54798 in unstable.
- Submitted a package fixing CVE-2025-54798 in the next trixie
  point release.
- Submitted a package fixing CVE-2025-54798 in the next bookworm
  point release.

openjpeg2:
- Uploaded an NMU fixing CVE-2025-54874 in unstable.
- Submitted a package fixing CVE-2025-54874 in the next trixie
  point release.
- Submitted a package fixing CVE-2025-50952 in the next bookworm
  point release.


LTS:

asterisk:
- Determined that CVE-2025-49832 does not affect <= bullseye.

exempi:
- Released DLA-4264-1, fixing CVE-2021-36045, CVE-2021-36046,
  CVE-2021-36047, CVE-2021-36048, CVE-2021-36050, CVE-2021-36051,
  CVE-2021-36052, CVE-2021-36053, CVE-2021-36054, CVE-2021-36055,
  CVE-2021-36056, CVE-2021-36057, CVE-2021-36058, CVE-2021-36064,
  CVE-2021-39847, CVE-2021-40716, CVE-2021-40732, CVE-2021-42528,
  CVE-2021-42529, CVE-2021-42530, CVE-2021-42531 and CVE-2021-42532.

firebird3.0:
- Released DLA-4282-1, fixing CVE-2025-54989.

gnutls28:
- Determined that CVE-2025-32989 does not affect <= bullseye.
- Released DLA-4267-1, fixing CVE-2025-6395, CVE-2025-32988
  and CVE-2025-32990.

hplip:
- Determined that CVE-2025-43023 is not a vulnerability in hplip.

iperf3:
- Did the upload and release paperwork for DLA-4281-1, the update
  fixing CVE-2025-54349 and CVE-2025-54350 was provided by the maintainer.

jackrabbit:
- Determined that CVE-2025-53689 does not affect the binary package in Debian.

modsecurity-crs:
- Determined that CVE-2019-11388 was already fixed in >= stretch.
- Released DLA-4265-1, fixing CVE-2020-22669, CVE-2022-39955,
  CVE-2022-39956, CVE-2022-39957 and CVE-2022-39958.

node-tmp:
- Released DLA-4268-1, fixing CVE-2025-54798.

openjpeg2:
- Determined that CVE-2018-16375 was already fixed in >= bullseye.
- Determined that CVE-2018-20846 was already fixed in >= bullseye.
- Determined that CVE-2025-53644 does not affect <= bookworm.



ELTS:

firebird3.0:
- Released ELA-1506-1, fixing CVE-2025-54989 in buster.

gnutls28:
- Fixed the autopkgtest on 32-bit in buster.
- Determined that CVE-2025-6395 does not affect stretch.
- Released ELA-1495-1, fixing CVE-2025-6395, CVE-2025-32988
  and CVE-2025-32990 in buster.
- Released ELA-1496-1, fixing CVE-2025-32988 and CVE-2025-32990
  in stretch.

iperf3:
- Released ELA-1505-1, fixing CVE-2025-54349 and CVE-2025-54350
  in buster and stretch.

libphp-adodb:
- Released ELA-1493-1, fixing CVE-2025-46337 in stretch.

openjpeg2:
- Determined that CVE-2017-17480 was already fixed in >= jessie.
- Determined that CVE-2025-54874 does not affect buster or stretch.
- Released ELA-1498-1, fixing CVE-2019-12973 and CVE-2025-50952
  in buster.

sqlite:
- Determined that sqlite is not affected by CVE-2025-7458.

unrar-nonfree:
- Released ELA-1494-1, fixing CVE-2024-33899 in buster and stretch.