LTS report September 2025
=========================

1. I have been LTS frontdesk from 01.09.2025 until 07.09.2025. During this
   time I triaged potential security vulnerabilities in supported packages such as
   epiphany-browser, exiv2, gsoap, javamail, libsndfile, p7zip, pcre2,
   python-django, varnish, dcmtk, pypy, libxml2, sqlite3, shibboleth-sp and
   various others.

2. DLA-4326-1,asterisk: I prepared a security update for asterisk fixing 2 CVE
   in bullseye and triaged CVE-2025-57767 as not-affected because the vulnerable
   code was introduced later in 2023.

3. tomcat10 and tomcat11: I finished the security update of tomcat10 and
   incorporated the fix for CVE-2025-55668 as well by packaging the latest
   available upstream version but could not release it in time due to personal
   reasons. I did the same for tomcat11 and investigated a problem that affected
   both versions, Debian bug #1108280, which is about the automatic migration of
   older webapps to the jakarta.servlet namespace. The change requires more
   testing in Debian unstable and testing before we can consider to backport it to
   stable and oldstable releases.