Hi LTS team, Whilst triaging packages for LTS, the report also shows us issues fixed in bullseye but not in bookworm.
This is a gentle reminder: **if** you've worked on any of the packages below and issued a DLA for them, please consider fixing them in bullseye via a pu or DSA (modulo the security team wants to do that). --- Issues fixed in bullseye but not in bookworm (low priority) [caution: new report] cf. https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/?label_name%5B%5D=%28O%29SPU : * activemq https://deb.freexian.com/extended-lts/tracker/source-package/activemq - CVE-2025-27533 https://deb.freexian.com/extended-lts/tracker/CVE-2025-27533 [wf secteam triage] * busybox https://deb.freexian.com/extended-lts/tracker/source-package/busybox - CVE-2023-42365 https://deb.freexian.com/extended-lts/tracker/CVE-2023-42365 - CVE-2023-42364 https://deb.freexian.com/extended-lts/tracker/CVE-2023-42364 - CVE-2022-48174 https://deb.freexian.com/extended-lts/tracker/CVE-2022-48174 * dcmtk https://deb.freexian.com/extended-lts/tracker/source-package/dcmtk - CVE-2025-9732 https://deb.freexian.com/extended-lts/tracker/CVE-2025-9732 - CVE-2025-2357 https://deb.freexian.com/extended-lts/tracker/CVE-2025-2357 - CVE-2022-4981 https://deb.freexian.com/extended-lts/tracker/CVE-2022-4981 * editorconfig-core https://deb.freexian.com/extended-lts/tracker/source-package/editorconfig-core - CVE-2024-53849 https://deb.freexian.com/extended-lts/tracker/CVE-2024-53849 * erlang https://deb.freexian.com/extended-lts/tracker/source-package/erlang - CVE-2025-48041 https://deb.freexian.com/extended-lts/tracker/CVE-2025-48041 - CVE-2025-48039 https://deb.freexian.com/extended-lts/tracker/CVE-2025-48039 - CVE-2025-48038 https://deb.freexian.com/extended-lts/tracker/CVE-2025-48038 * geographiclib https://deb.freexian.com/extended-lts/tracker/source-package/geographiclib - CVE-2025-60751 https://deb.freexian.com/extended-lts/tracker/CVE-2025-60751 * git https://deb.freexian.com/extended-lts/tracker/source-package/git - CVE-2025-48384 https://deb.freexian.com/extended-lts/tracker/CVE-2025-48384 - CVE-2025-46835 https://deb.freexian.com/extended-lts/tracker/CVE-2025-46835 - CVE-2025-27613 https://deb.freexian.com/extended-lts/tracker/CVE-2025-27613 * iperf3 https://deb.freexian.com/extended-lts/tracker/source-package/iperf3 - CVE-2024-53580 https://deb.freexian.com/extended-lts/tracker/CVE-2024-53580 * libarchive https://deb.freexian.com/extended-lts/tracker/source-package/libarchive - CVE-2025-5918 https://deb.freexian.com/extended-lts/tracker/CVE-2025-5918 * libcommons-fileupload-java https://deb.freexian.com/extended-lts/tracker/source-package/libcommons-fileupload-java - CVE-2025-48976 https://deb.freexian.com/extended-lts/tracker/CVE-2025-48976 * libmodbus https://deb.freexian.com/extended-lts/tracker/source-package/libmodbus - CVE-2024-10918 https://deb.freexian.com/extended-lts/tracker/CVE-2024-10918 * libowasp-esapi-java https://deb.freexian.com/extended-lts/tracker/source-package/libowasp-esapi-java - CVE-2025-5878 https://deb.freexian.com/extended-lts/tracker/CVE-2025-5878 * libwebsockets https://deb.freexian.com/extended-lts/tracker/source-package/libwebsockets - CVE-2025-11678 https://deb.freexian.com/extended-lts/tracker/CVE-2025-11678 - CVE-2025-11677 https://deb.freexian.com/extended-lts/tracker/CVE-2025-11677 * log4cxx https://deb.freexian.com/extended-lts/tracker/source-package/log4cxx - CVE-2025-54813 https://deb.freexian.com/extended-lts/tracker/CVE-2025-54813 - CVE-2025-54812 https://deb.freexian.com/extended-lts/tracker/CVE-2025-54812 * mediawiki https://deb.freexian.com/extended-lts/tracker/source-package/mediawiki - CVE-2025-61656 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61656 [wf secteam triage] - CVE-2025-61655 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61655 [wf secteam triage] - CVE-2025-61653 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61653 [wf secteam triage] - CVE-2025-61646 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61646 [wf secteam triage] - CVE-2025-61643 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61643 [wf secteam triage] - CVE-2025-61641 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61641 [wf secteam triage] - CVE-2025-61640 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61640 [wf secteam triage] - CVE-2025-61639 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61639 [wf secteam triage] - CVE-2025-61638 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61638 [wf secteam triage] - CVE-2025-61635 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61635 [wf secteam triage] - ... * nodejs https://deb.freexian.com/extended-lts/tracker/source-package/nodejs - CVE-2025-23085 https://deb.freexian.com/extended-lts/tracker/CVE-2025-23085 * pgagent https://deb.freexian.com/extended-lts/tracker/source-package/pgagent - CVE-2025-0218 https://deb.freexian.com/extended-lts/tracker/CVE-2025-0218 * pgbouncer https://deb.freexian.com/extended-lts/tracker/source-package/pgbouncer - CVE-2025-2291 https://deb.freexian.com/extended-lts/tracker/CVE-2025-2291 * php-twig https://deb.freexian.com/extended-lts/tracker/source-package/php-twig - CVE-2024-51754 https://deb.freexian.com/extended-lts/tracker/CVE-2024-51754 * pypy3 https://deb.freexian.com/extended-lts/tracker/source-package/pypy3 - CVE-2025-8291 https://deb.freexian.com/extended-lts/tracker/CVE-2025-8291 - CVE-2025-6069 https://deb.freexian.com/extended-lts/tracker/CVE-2025-6069 - CVE-2025-1795 https://deb.freexian.com/extended-lts/tracker/CVE-2025-1795 - CVE-2025-0938 https://deb.freexian.com/extended-lts/tracker/CVE-2025-0938 - CVE-2024-11168 https://deb.freexian.com/extended-lts/tracker/CVE-2024-11168 - CVE-2024-7592 https://deb.freexian.com/extended-lts/tracker/CVE-2024-7592 - CVE-2024-6923 https://deb.freexian.com/extended-lts/tracker/CVE-2024-6923 - CVE-2024-6232 https://deb.freexian.com/extended-lts/tracker/CVE-2024-6232 * python-authlib https://deb.freexian.com/extended-lts/tracker/source-package/python-authlib - CVE-2025-62706 https://deb.freexian.com/extended-lts/tracker/CVE-2025-62706 [wf secteam triage] - CVE-2025-61920 https://deb.freexian.com/extended-lts/tracker/CVE-2025-61920 [wf secteam triage] - CVE-2025-59420 https://deb.freexian.com/extended-lts/tracker/CVE-2025-59420 [wf secteam triage] - CVE-2024-37568 https://deb.freexian.com/extended-lts/tracker/CVE-2024-37568 * python-eventlet https://deb.freexian.com/extended-lts/tracker/source-package/python-eventlet - CVE-2025-58068 https://deb.freexian.com/extended-lts/tracker/CVE-2025-58068 * python-gevent https://deb.freexian.com/extended-lts/tracker/source-package/python-gevent - CVE-2023-41419 https://deb.freexian.com/extended-lts/tracker/CVE-2023-41419 * python-h2 https://deb.freexian.com/extended-lts/tracker/source-package/python-h2 - CVE-2025-57804 https://deb.freexian.com/extended-lts/tracker/CVE-2025-57804 * python-pip https://deb.freexian.com/extended-lts/tracker/source-package/python-pip - CVE-2025-8869 https://deb.freexian.com/extended-lts/tracker/CVE-2025-8869 - CVE-2023-5752 https://deb.freexian.com/extended-lts/tracker/CVE-2023-5752 * pytorch https://deb.freexian.com/extended-lts/tracker/source-package/pytorch - CVE-2025-32434 https://deb.freexian.com/extended-lts/tracker/CVE-2025-32434 * ruby-graphql https://deb.freexian.com/extended-lts/tracker/source-package/ruby-graphql - CVE-2025-27407 https://deb.freexian.com/extended-lts/tracker/CVE-2025-27407 * ruby-saml https://deb.freexian.com/extended-lts/tracker/source-package/ruby-saml - CVE-2025-54572 https://deb.freexian.com/extended-lts/tracker/CVE-2025-54572 [wf secteam triage] - CVE-2025-25293 https://deb.freexian.com/extended-lts/tracker/CVE-2025-25293 [wf secteam triage] - CVE-2025-25292 https://deb.freexian.com/extended-lts/tracker/CVE-2025-25292 [wf secteam triage] - CVE-2025-25291 https://deb.freexian.com/extended-lts/tracker/CVE-2025-25291 [wf secteam triage] * sogo https://deb.freexian.com/extended-lts/tracker/source-package/sogo - CVE-2025-63498 https://deb.freexian.com/extended-lts/tracker/CVE-2025-63498 [wf secteam triage] * sslh https://deb.freexian.com/extended-lts/tracker/source-package/sslh - CVE-2025-52936 https://deb.freexian.com/extended-lts/tracker/CVE-2025-52936 * sympa https://deb.freexian.com/extended-lts/tracker/source-package/sympa - CVE-2024-55919 https://deb.freexian.com/extended-lts/tracker/CVE-2024-55919 [wf secteam triage] * tiff https://deb.freexian.com/extended-lts/tracker/source-package/tiff - CVE-2024-13978 https://deb.freexian.com/extended-lts/tracker/CVE-2024-13978 * wordpress https://deb.freexian.com/extended-lts/tracker/source-package/wordpress - CVE-2025-58674 https://deb.freexian.com/extended-lts/tracker/CVE-2025-58674 [wf secteam triage] - CVE-2025-58246 https://deb.freexian.com/extended-lts/tracker/CVE-2025-58246 [wf secteam triage] - CVE-2024-31111 https://deb.freexian.com/extended-lts/tracker/CVE-2024-31111 [wf secteam triage] - CVE-2024-6307 https://deb.freexian.com/extended-lts/tracker/CVE-2024-6307 [wf secteam triage] * xrdp https://deb.freexian.com/extended-lts/tracker/source-package/xrdp - CVE-2024-39917 https://deb.freexian.com/extended-lts/tracker/CVE-2024-39917 - CVE-2023-42822 https://deb.freexian.com/extended-lts/tracker/CVE-2023-42822 - CVE-2023-40184 https://deb.freexian.com/extended-lts/tracker/CVE-2023-40184
