(E)LTS report for August 2025


bookworm/trixie/sid:

jetty9:
- Uploaded an NMU fixing CVE-2025-5115 in unstable.
- Submitting a package for a DSA fixing CVE-2025-5115
  in trixie and bookworm.

jetty12:
- Uploaded an NMU fixing CVE-2025-5115 in unstable.
- Submitting a package for a DSA fixing CVE-2025-5115
  in trixie.

libhtp:
- Submitted a package fixing CVE-2025-53537 in the next
  trixie point release.
- Submitted a package fixing CVE-2024-23837 and CVE-2024-45797
  in the next bookworm point release.


LTS:

jetty9:
- Released DLA-4299-1, fixing CVE-2025-5115.

libhtp:
- Determined that CVE-2025-53537 does not affect <= bookworm.
- Released DLA-4295-1, fixing CVE-2024-23837 and CVE-2024-45797.

modsecurity-apache:
- Released DLA-4294-1, fixing CVE-2025-54571.

node-cipher-base:
- Released DLA-4291-1, fixing CVE-2025-9287.

ruby-saml:
- Released DLA-4288-1, fixing CVE-2025-54572.

webkit2gtk:
- Debugged a user-reported regression and suggested a workaround (#1112227).


ELTS:

modsecurity-apache:
- Prepared an update fixing CVE-2025-54571 in buster.

opencv:
- Determined that CVE-2025-53644 does not affect stretch.
- Prepared an update fixing CVE-2017-18009, CVE-2019-14491, CVE-2019-14492
  CVE-2019-14493 and CVE-2019-15939 in buster that was released as part
  of ELA-1513-1.