ELTS report May 2025 ==================== 1. ELA 1433-1: I issued a security and regression update for glib2.0 fixing 1 CVE in jessie. As mentioned in the previous report, while I was working on updating the subversion package, I discovered a regression in glib2.0 introduced in ELA-625-1 in order to fix CVE-2021-27218. The inline keyword in the gmem.h header file was not defined if software used an older C standard which led to a build failure when building reverse-dependencies of GLib, e.g. subversion. 2. ELA-1434-1: The fix in ELA 1433-1 allowed us to publish the security update for subversion fixing 1 CVE in jessie, stretch and buster. 3. ELA-1435-1: Issued a security update for libfcgi-perl fixing 1 CVE in jessie, stretch and buster. The update was straightforward since the version of libfcgi-perl was almost identical in all supported distributions. The impact was a potential denial of service when runnning interactive programs with a web server. 4. While I was updating varnish in bullseye, I had a look at varnish in jessie, stretch and buster. I am currently working on a buster update to fix the lastest reported CVE but intend to backport them to stretch and jessie too provided they do not introduce a regression. 5. I have been working on updating the ublock-origin addon for Firefox and Chromium in supported releases. The update will be released shortly after the release for bullseye and will fix CVE-2025-4215. 6. I have been the ELTS front desk from 12.05.2025 to 18.05.2025 and triaged newly discovered CVE in supported packages.