# October 2025

During this month, I have worked on the following tasks for Debian LTS and ELTS.
This was my initial contact with the LTS/ELTS project and preparation of security updates.
Thanks to Freexian and sponsors for making this possible [0].

## Log4cxx

- Investigated CVE-2025-54812 & CVE-2025-54813
  * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111879
  * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111881
- Backported upstream patches from PR#{509,512,514} to v0.11.0-2 (bullseye/LTS)
  * https://salsa.debian.org/debian/log4cxx/-/merge_requests/2
- Testing and validation of patches inside a bullseye container, incl. a written
  test plan (in MR) and passing autopkgtests via SalsaCI pipeline.
  * https://salsa.debian.org/slyon/log4cxx/-/pipelines/948717
- Landing the same security fixes in Debian testing & stable, to retain a solid
  upgrade path.
  * https://salsa.debian.org/debian/log4cxx/-/merge_requests/1
  * https://salsa.debian.org/debian/log4cxx/-/merge_requests/3
- Patches reviewed by @tobi, thanks!
- Published as DLA-4322-1 

Cheers,
  Lukas

[0] https://www.freexian.com/lts/debian/#sponsors