LTS report October 2025
=========================

1. I have been LTS frontdesk from 27.10.2025 until 02.11.2025. During this time I triaged potential security vulnerabilities in supported packages such as bouncycastle, docker-compose, hdf5, samba, git-lfs, libwebsockets, unbound, consul, pdns-recursor, golang-15, golang-github-lucas-clemente-quic-go, aiomysql, apt-cacher-ng, audiofile, fontforge, luksmeta, opensmtpd, rplay, social-auth-app-django, strongswan, gimp, geographiclib, ffmpeg, dcmtk, frr and mbedtls.

2. DLA-4331-1. Issued a security update for https-everywhere because it was found that the essential domain https-rulesets.org is no longer controlled by the former upstream developers of https-everywhere. Requests were redirected to a known malware site. This posed a severe risk for users who relied on secure HTTPS connections. As a consequence I had to remove the addon from the dependency list of parl-desktop and progress-linux-desktop too.

3. DLA-4356-1. Issued an update of ublock-origin, a popular ad and tracker blocker for Chromium and Firefox introducing new filter rules and various changes to improve the user experience.

4. DLA-4359-1. Issued a security update of strongswan to fix CVE-2025-62291 in bullseye.

5. DLA-4361-1. Issued a security update of geographiclib to fix CVE-2025-60751 in bullseye.

6. DLA-4362-1. Issued a security update of gimp fixing CVE-2025-10934 in bullseye.

7. DLA-4363-1. Issued a security update of dcmtk fixing 3 CVE in bullseye.

8. tomcat10 and tomcat11: Yet another CVE has been reported for tomcat10 and tomcat11 in October and this time I decided to apply the targeted upstream patch on top of the already prepared new upstream release. I am going to release the update now as is which will fix 13 respectively 11 CVE in bookworm and trixie.