LTS report July 2025
====================

1. I have been the LTS frontdesk from 30.06.2025 until 06.07.2025 and from
   07.07.2025 to 13.07.2025. During this time I triaged all security
   vulnerabilities which could have affected supported Debian packages in
   Debian 11 "bullseye". Those software packages included but not exclusively
   libcommons-lang{3}-java, golang-1.15, poppler, gdk-pixbuf, node-pbkdf2,
   mruby, gnome-remote-desktop, codemirror-js, cloud-init, apache2,
   libowasp-esapi-java, php7.4, spdlog, qbittorrent, libssh,
   libcommons-fileupload-java, erlang, dpkg, tidy-html5, redis, luajit,
   gnutls28, amd64-microcode, git, jackson-core, guix, python-urllib3,
   pam, jgit, and djvulibre.

   Most of the detected problems could be postponed to fix them along with more
   important issues in the future. I investigated CVE-2025-50200 in
   rabbitmq-server more closely because only very limited information was
   available at that time. I requested help from the upstream developers who
   clarified what specific code changes remedied the problem.

   Unfortunately I got the summer flu in the second week of July during my
   frontdesk term which was quite persistent, messed up my schedule and also
   prevented me from going on holiday as planned. The vacation was postponed and lasted
   from the end of July to the beginning of August.