ELTS report October 2025
========================

1. I have been ELTS frontdesk from 27.10.2025 until 02.11.2025. During this
   time I triaged potential security vulnerabilities in supported packages such as
   pure-ftpd, libphp-swiftmailer, prometheus-process-exporter, docker-compose,
   imagemagick, qemu, xrdp, hdf5, samba, git-lfs, libwebsockets, unbound,
   apt-cacher-ng, strongswan, gimp, geographiclib and dcmtk.


2. ELA-1571-1. Prepared a security update of strongswan to fix CVE-2025-62291 in
               buster.

3. ELA-1572-1. Prepared a security update of geographiclib to fix CVE-2025-60751
               in stretch and buster.

4. ELA-1573-1. Prepared a security update of gimp fixing CVE-2025-10934 in
               stretch and buster.

5. ELA-1574-1. Prepared a security update of dcmtk fixing 3 CVE in buster.

6. tomcat9: Together with Bastien Roucaries I incorporated the latest reported
            October CVE for our next tomcat9 security release. We both came to the
            conclusion that in some corner cases regressions may occur but the security
            fixes outweigh the potential risks. We will notify customers about
            those risks in more detail in the upcoming ELA.