FOSS Activities in October 2025

Here’s my monthly but brief update about the activities I’ve done in the F/L/OSS world.

Debian

Whilst I didn’t get a chance to do much, here’s still a few things that I worked on:

  • Uploaded ruby-rack, 3.1.18-1, to fix a bunch of CVEs.
  • Assisted a few folks in getting their patches submitted via Salsa.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

Ubuntu

I joined Canonical to work on Ubuntu full-time back in February 2021.

Whilst I can’t give a full, detailed list of things I did, here’s a quick TL;DR of what I did:


Debian (E)LTS

This month I have worked 16 hours on Debian Long Term Support (LTS) and 05 hours on its sister Extended LTS project and did the following things:

  • ruby-rack: There were multiple vulnerabilities reported leading to DoS (memory exhaustion) and proxy bypass.

    • [unstable/forky]: Uploaded a fix to unstable via 3.1.18-1 to fix 5 CVEs.
    • [trixie/bookworm]: Uploaded a fix for all 5 CVEs in trixie via 3.1.18-1~deb13u1 and 7 CVEs in bookworm via 2.2.20-0+deb12u1.
    • [LTS]: Uploaded a fix for all 7 CVEs in bullseye via 2.1.4-3+deb11u4. And released DLA 4357-1.
    • [ELTS]: Backported fixes for CVE-2025-46727 & CVE-2025-32441 to buster and stretch but the other backports are being a bit tricky due to really old versions. But I’ll spend some more time there before coming to a conclusion.
  • wordpress: There were multiple vulnerabilities reported leading to Sent Data & Cross-site Scripting.

    • [bookworm]: Uploaded a fix for all 4 CVEs in bookworm via 6.1.9+dfsg1-0+deb12u1.
    • [LTS]: Uploaded a fix for all 4 CVEs in bullseye via 5.7.14+dfsg1-0+deb11u1. And released DLA 4358-1.
  • [LTS] Attended the monthly LTS meeting on Jitsi. Summary here.

  • [E/LTS] Monitored discussions on mailing lists, IRC, and all the documentation updates.


Until next time.
:wq for today.