bind9 (1:9.20.21-1) unstable; urgency=high . * New upstream version 9.20.21 - [CVE-2026-1519]: Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. - [CVE-2026-3104]: Fix memory leaks in code preparing DNSSEC proofs of non-existence. - [CVE-2026-3119]: Prevent a crash in code processing queries containing a TKEY record. - [CVE-2026-3591]: Fix a stack use-after-return flaw in SIG(0) handling code. containerd (2.1.4~ds2-8) unstable; urgency=medium . * Move containerd-shim-runc-v2 back to /bin, Closes: #1131547 * Update Breaks to force testing against docker 28.5 containerd (2.1.4~ds2-7) unstable; urgency=medium . * Don't run integration tests during package build . containerd (2.1.4~ds2-6) experimental; urgency=medium . * tests/integration: install containerd-shim-runc-v2 and similar * fix format string issue * tests: build test executables in regular build * ignore more integration tests * tests/cri-integration: Use binaries from the package build * Use cni path '/usr/lib/cni' . containerd (2.1.4~ds2-5) experimental; urgency=medium . * Fix autopkgtest by not excluding tracing/plugin * Tighten dependency on golang-github-containerd-containerd-api-dev * Fix build-only test . containerd (2.1.4~ds2-4) experimental; urgency=medium . * include the cmd/ packages for docker.io 28.x . containerd (2.1.4~ds2-3) experimental; urgency=medium . * Bump again, no changes to previous upload . containerd (2.1.4~ds2-2) experimental; urgency=medium . * Bump version number, no changes . containerd (2.1.4~ds2-1) experimental; urgency=medium . * Package containerd 2.1.4 * Refresh patches, tighten dependencies * debian/copyright: Additional clarifications * Bump Standards Version, no changes needed * debian/control: add misc:Depends to transitional meta-package * debian/rules: fix dh-golang-autopkgtest, cleanup excludes to avoid dependencies * add debian/vendor/update.sh, vendor imgcrypt/v2 * Drop all other vendored sources from orig tarball * Add missing build-depends . containerd (1.7.27~ds1-1) experimental; urgency=medium . * New upstream version containerd (2.1.4~ds2-6) experimental; urgency=medium . * tests/integration: install containerd-shim-runc-v2 and similar * fix format string issue * tests: build test executables in regular build * ignore more integration tests * tests/cri-integration: Use binaries from the package build * Use cni path '/usr/lib/cni' containerd (2.1.4~ds2-5) experimental; urgency=medium . * Fix autopkgtest by not excluding tracing/plugin * Tighten dependency on golang-github-containerd-containerd-api-dev * Fix build-only test containerd (2.1.4~ds2-4) experimental; urgency=medium . * include the cmd/ packages for docker.io 28.x containerd (2.1.4~ds2-3) experimental; urgency=medium . * Bump again, no changes to previous upload containerd (2.1.4~ds2-2) experimental; urgency=medium . * Bump version number, no changes docker-buildx (0.29.1+ds1-2) unstable; urgency=medium . * Team upload * Upload to unstable . docker-buildx (0.29.1+ds1-1) experimental; urgency=medium . [ Nicolas Peugnet ] * New upstream version 0.29.1+ds1 * Rediff patches * Update dependencies based on dh-make-golang check-depends * Disable history trace command due to missing dependency * Add new test directory to build * Skip one test that depends on golang-opentelemetry-otel-dev >= 1.32 * Avoid k8s-sigs-structured-merge-diff from experimental * Require the latest repack of docker-dev * Update copyright information * Bump Standards-Version to 4.7.3, drop Rules-Requires-Root & Priority fieds . [ Moritz Schlarb ] * Add Conflicts: docker-buildx-plugin (Closes: #1120500) . [ Reinhard Tartler ] * Add Build-Conflicts on golang-google-grpc-dev in experimental docker-buildx (0.29.1+ds1-1) experimental; urgency=medium . [ Nicolas Peugnet ] * New upstream version 0.29.1+ds1 * Rediff patches * Update dependencies based on dh-make-golang check-depends * Disable history trace command due to missing dependency * Add new test directory to build * Skip one test that depends on golang-opentelemetry-otel-dev >= 1.32 * Avoid k8s-sigs-structured-merge-diff from experimental * Require the latest repack of docker-dev * Update copyright information * Bump Standards-Version to 4.7.3, drop Rules-Requires-Root & Priority fieds . [ Moritz Schlarb ] * Add Conflicts: docker-buildx-plugin (Closes: #1120500) . [ Reinhard Tartler ] * Add Build-Conflicts on golang-google-grpc-dev in experimental docker-compose (2.40.3-2) unstable; urgency=medium . * Bump standards version to 4.7.3, no changes needed . docker-compose (2.40.3-1) experimental; urgency=medium . [ Nicolas Peugnet ] * New upstream version 2.40.3 (Closes: #1119298) * Rediff patches - Drop 0002-Update-sse-to-v2-major-version.patch: no longer a dependency * Update the list of dependencies after new version import * Add build conflicts with three packages from experimental * Update copyright information . [ Moritz Schlarb ] * Add Conflicts: docker-compose-plugin (Closes: #1120501) docker-compose (2.40.3-1) experimental; urgency=medium . [ Nicolas Peugnet ] * New upstream version 2.40.3 (Closes: #1119298) * Rediff patches - Drop 0002-Update-sse-to-v2-major-version.patch: no longer a dependency * Update the list of dependencies after new version import * Add build conflicts with three packages from experimental * Update copyright information . [ Moritz Schlarb ] * Add Conflicts: docker-compose-plugin (Closes: #1120501) docker.io (28.5.2+dfsg3-2) unstable; urgency=medium . * Fix compilation errors from newer docker vet, Closes: #1129110 * debian/changelog: update * Update Breaks on docker-{compose,buildx}, buildah * refresh patches . docker.io (28.5.2+dfsg3-1) experimental; urgency=medium . * fix build against system go-archive * Avoid opentelemetry-contrib from experimental for now * Build against go-archive from the archive . docker.io (28.5.2+dfsg2-1) experimental; urgency=medium . * Repack tarball to include planetscale-vtprotobuf and tonistiigi-dchapes packages, Kudos to Nicolas Peugnet! . docker.io (28.5.2+dfsg1-1) experimental; urgency=medium . * New upstream release [28.5.2], update patches * fix tests on 32bit * debian/copyright: - Clarify licenses of debian/* packaging * debian/rules: - disable gcp support to fix build * use salsa-ci with custom orig source script * debian/control: - avoid grpc in experimental for now, breaks the build - bump Standards-Version, no changes needed * gitlab-ci.yml: - use salsa-pipeline * debian/copyright: cleanup start - unvendor various packages docker.io (28.5.2+dfsg3-1) experimental; urgency=medium . * fix build against system go-archive * Avoid opentelemetry-contrib from experimental for now * Build against go-archive from the archive docker.io (28.5.2+dfsg2-1) experimental; urgency=medium . * Repack tarball to include planetscale-vtprotobuf and tonistiigi-dchapes packages, Kudos to Nicolas Peugnet! docker.io (28.5.2+dfsg1-1) experimental; urgency=medium . * New upstream release [28.5.2], update patches * fix tests on 32bit * debian/copyright: - Clarify licenses of debian/* packaging * debian/rules: - disable gcp support to fix build * use salsa-ci with custom orig source script * debian/control: - avoid grpc in experimental for now, breaks the build - bump Standards-Version, no changes needed * gitlab-ci.yml: - use salsa-pipeline * debian/copyright: cleanup start - unvendor various packages exactimage (1.2.1-3) unstable; urgency=medium . * debian/control: - Upgraded to policy 4.7.3 - drop Priority field - drop redundant Rules-Requires-Root - move git repository to shared "debian" namespace - temporarily depend on libopenjph-dev to fix libopenexr-dev * debian/copyright: - Remove old FSF address - Update copyright years * debian/watch: - Switch to version 5 format * debian/rules: - Explicitly disable jpeg-xl support ffmpeg (7:8.1-3) unstable; urgency=medium . * debian/rules: Fix typo and really ignroe test on s390x ffmpeg (7:8.1-2) unstable; urgency=medium . * debian/tests: Drop one test for wtv * debian/rules: Ignore failing tests on s390x * debian/*.symbols: Add new symbols ffmpeg (7:8.1-1) unstable; urgency=medium . [ Sean McGovern ] * d/rules: fix pkg.ffmpeg.stage1 build profile (no libxjl) . [ Sebastian Ramacher ] * New upstream version 8.1 - Fix out-of-bounds in RV60 decoder (CVE-2025-69693) - Enable whip muxer (Closes: #1125218) * debian/control: - Drop Priority: optional - Add frei0r-plugins for tests and suggest it - Fix descriptions for -extra variants freerdp3 (3.24.2+dfsg-1) unstable; urgency=medium . * new upstream bugfix/security release: CVE-2026-31883 `size_t` underflow in ADPCM decoder leads to heap-buffer-overflow write https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5 CVE-2026-31897 Out-of-bounds read in `freerdp_bitmap_decompress_planar` https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x CVE-2026-33952 DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 CVE-2026-33977 DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331) https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5 CVE-2026-33995 double free in kerberos_AcceptSecurityContext and kerberos_IntitalizeSecurityContextA https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx CVE-2026-33984 ClearCodec resize_vbar_entry() Heap OOB Write https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6 CVE-2026-33983 Progressive Codec Quant BYTE Underflow - UB + CPU DoS https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478 CVE-2026-33985 ClearCodec Glyph Cache Count Desync - Heap OOB Read https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85 CVE-2026-33986 H.264 YUV Buffer Dimension Desync - Heap OOB Write https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97 CVE-2026-33987 Persistent Cache bmpSize Desync - Heap OOB Write https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc CVE-2026-33982 Persistent Cache Allocator Mismatch - Heap OOB Read https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2 gdal (3.12.3+dfsg-1) unstable; urgency=medium . * New upstream release. * Update symbols for other architectures. * Move from experimental to unstable. gdal (3.12.3~rc2+dfsg-1~exp1) experimental; urgency=medium . * New upstream release candidate. * Update symbols for other architectures. gdal (3.12.3~rc1+dfsg-1~exp1) experimental; urgency=medium . * New upstream release. * Drop obsolete Breaks/Replaces. * Update symbols for amd64. * Update lintian overrides. gegl (1:0.4.68-1) unstable; urgency=medium . * New upstream release * Remove 2 patches applied in new release * debian/libgegl-0.4.0t64.symbols: Update gimp (3.2.0-1) unstable; urgency=medium . * New upstream release - https://www.gimp.org/news/2026/03/14/gimp-3-2-released/ go-containerregistry (0.20.7+ds1-2) unstable; urgency=medium . * Upload to unstable . go-containerregistry (0.20.7+ds1-1) experimental; urgency=medium . * Build against docker in experimental * Bump Standards version * Build and install the 'crane' executable, Closes: #1124677 * disable tests that require gcloud executable * Improve package description * Add lintian overrides * debian/watch: bump to version 5 go-containerregistry (0.20.7+ds1-1) experimental; urgency=medium . * Build against docker in experimental * Bump Standards version * Build and install the 'crane' executable, Closes: #1124677 * disable tests that require gcloud executable * Improve package description * Add lintian overrides * debian/watch: bump to version 5 golang-github-compose-spec-compose-go (2.9.1-3) unstable; urgency=medium . * Team upload. * Add breaks for docker-buildx, docker-compose golang-github-compose-spec-compose-go (2.9.1-2) unstable; urgency=medium . * Team upload * Upload to unstable . golang-github-compose-spec-compose-go (2.9.1-1) experimental; urgency=medium . * New upstream version 2.9.1 * Rediff patches * Update dependencies list after new version import * Install new missing test data in the build directory * Add manpage for compose-spec * Update debian/watch to version 5 * Remove control fields that are not recommended any more * Bump Standards-Version to 4.7.3 (no changes needed) * Enable Salsa CI * Update copyright years golang-github-compose-spec-compose-go (2.9.1-1) experimental; urgency=medium . * New upstream version 2.9.1 * Rediff patches * Update dependencies list after new version import * Install new missing test data in the build directory * Add manpage for compose-spec * Update debian/watch to version 5 * Remove control fields that are not recommended any more * Bump Standards-Version to 4.7.3 (no changes needed) * Enable Salsa CI * Update copyright years golang-github-containers-buildah (1.43.0+ds1-2) unstable; urgency=medium . * Upload to unstable . golang-github-containers-buildah (1.43.0+ds1-1) experimental; urgency=medium . * New upstream version: 1.43.0 * Tighten dependencies on containers/{storage,image,common}, imagebuilder * Build depend on libselinux-dev * Bump Standards Version golang-github-containers-buildah (1.43.0+ds1-1) experimental; urgency=medium . * New upstream version: 1.43.0 * Tighten dependencies on containers/{storage,image,common}, imagebuilder * Build depend on libselinux-dev * Bump Standards Version golang-github-containers-common (0.67.0-2) unstable; urgency=medium . * Bump Standards-Version . golang-github-containers-common (0.67.0-1) experimental; urgency=medium . * New upstream release: 0.67 * Update Breaks and tighten dependencies on debian/{storage,image} * debian/repack: fix origtarball filename * debian/copyright: updates golang-github-containers-common (0.67.0-1) experimental; urgency=medium . * New upstream release: 0.67 * Update Breaks and tighten dependencies on debian/{storage,image} * debian/repack: fix origtarball filename * debian/copyright: updates golang-github-containers-image (5.39.1-3) unstable; urgency=medium . * Upload to unstable . golang-github-containers-image (5.39.1-2) experimental; urgency=medium . * New upstream release * Bump Standards Version, no changes needed * Drop redundant Rules-Requires-Root * debian/copyright: various corrections * Build against containers/storage 1.62 * Build against docker 28 * Cleanup patches, reorder names * debian/changelog: update golang-github-containers-image (5.39.1-2) experimental; urgency=medium . * New upstream release * Bump Standards Version, no changes needed * Drop redundant Rules-Requires-Root * debian/copyright: various corrections * Build against containers/storage 1.62 * Build against docker 28 * Cleanup patches, reorder names * debian/changelog: update golang-github-opencontainers-image-spec (1.1.1-2) unstable; urgency=medium . * Update breaks * Build against santhosh-tekuri/jsonschema/v6 * Bump Standards-Version to 4.7.3, no changes needed golang-github-santhosh-tekuri-jsonschema (6.0.2-3) unstable; urgency=medium . * Team upload. * Add Breaks on golang-github-opencontainers-image-spec-dev (<< 1.1.1-2~) golang-github-santhosh-tekuri-jsonschema (6.0.2-2) unstable; urgency=medium . * Team upload. * Upload to unstable * Drop redundant Rules-Requires-Root * Bump Standards-Version to 4.7.3 (no changes) . golang-github-santhosh-tekuri-jsonschema (6.0.2-1) experimental; urgency=medium . * Team upload. * Revert "Fix watch file to only look for v5." * New upstream version 6.0.2 * Update patches * Update (Build-)Depends * Add metaschemas directory to DH_GOLANG_INSTALL_EXTRA * Disable http test * Add Static-Built-Using to jsonschema-jv package * Bump Standards-Version to 4.7.2 (no changes) golang-github-santhosh-tekuri-jsonschema (6.0.2-1) experimental; urgency=medium . * Team upload. * Revert "Fix watch file to only look for v5." * New upstream version 6.0.2 * Update patches * Update (Build-)Depends * Add metaschemas directory to DH_GOLANG_INSTALL_EXTRA * Disable http test * Add Static-Built-Using to jsonschema-jv package * Bump Standards-Version to 4.7.2 (no changes) golang-github-sylabs-sif (2.24.0-1) unstable; urgency=medium . * Team Upload. * New upstream version 2.24.0 * d/control: - Bump dh compat to 13. - Bump standards version to 4.7.3 (no change required). - Remove redundant priority optional field. - Remove redundant rules requires root field. * d/rules: Add 'DH_GOLANG_EXCLUDES := cmd/siftool'. golang-github-tonistiigi-fsutil (0.0~git20251211.a2aa163-3) unstable; urgency=medium . * Team upload. * Add breaks for docker-buildx golang-github-tonistiigi-fsutil (0.0~git20251211.a2aa163-2) unstable; urgency=medium . * Team upload. . [ Nicolas Peugnet ] * Do not run bench tests, prevents circular dependency . [ Reinhard Tartler ] * Upload to unstable . golang-github-tonistiigi-fsutil (0.0~git20251211.a2aa163-1) experimental; urgency=medium . * Team upload. * New upstream version 0.0~git20251211.a2aa163 * Apply team agreed wrap-and-sort format * Update dependencies after new version import * Do not run bench tests, prevents circular dependency * Bump Standards-Version to 4.7.3, drop Rules-Requires-Root & Priority fields * Add Multi-Arch: foreign indication golang-github-tonistiigi-fsutil (0.0~git20251211.a2aa163-1) experimental; urgency=medium . * Team upload. * New upstream version 0.0~git20251211.a2aa163 * Apply team agreed wrap-and-sort format * Update dependencies after new version import * Do not run bench tests, prevents circular dependency * Bump Standards-Version to 4.7.3, drop Rules-Requires-Root & Priority fields * Add Multi-Arch: foreign indication imagemagick (8:7.1.2.16+dfsg1-1) unstable; urgency=high . * New upstream version * Drop patch about double free in SVG applied upstream * Fix CVE-2026-28493: An integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted image. * Fix CVE-2026-28494: A stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption. * Fix CVE-2026-28686: A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. * Fix CVE-2026-28687: a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. * Fix CVE-2026-28688: A heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed * Fix CVE-2026-28689: Domain="path" authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write * Fix CVE-2026-28690: A stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. * Fix CVE-2026-28691: An uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. * Fix CVE-2026-28692: MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. * Fix CVE-2026-28693: An integer overflow in DIB coder can result in out of bounds read or write * Fix CVE-2026-30883: An extremely large image profile could result in a heap overflow when encoding a PNG image * Fix CVE-2026-30929: MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack * Fix CVE-2026-30931: A heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. * Fix CVE-2026-30935: BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. * Fix CVE-2026-30936: A crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. * Fix CVE-2026-30937: A 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. jpeg-xl (0.11.2-0.1) unstable; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-12474: Decoder read from uninitialized (but allocated) memory (Closes: #1128068) - CVE-2026-1837: Decoder write to uninitialized unallocated memory (Closes: #1128067) * Disable a failing test. (Closes: #1123400) * Increase the test timeout. (Closes: #1114914) * Backport a loong64 FTBFS fix. libaio (0.3.113-9) unstable; urgency=medium . * Remove «Rules-Requires-Root: no», which is the current default. * Remove «Priority: optional», which is the current default. * Remove versioned Build-Depends on dpkg-dev, satisfied since Debian trixie. * Remove lintian overrides that no longer get emitted. * Add spaces around make assignment operators to distinguish from shell ones. * Finish multi-line commands in debian/rules with a comment marker. * Switch to debian/watch version 5. * Switch to Standards-Version 4.7.3 (no changes needed). libavif (1.4.1-1) unstable; urgency=medium . * New upstream release. libavif (1.4.0-4) unstable; urgency=medium . * debian/changelog: Remove trailing space. * debian/avif*.1: Refresh embed man pages. * debian/tests/encode-decode: Unify format style. * debian/libavif-bin.manpages: Also install avifgainmaputil(1) man page generated from help2man. libavif (1.4.0-3) unstable; urgency=medium . * debian/: Try to enable googletest. * debian/tests/: Add a simple encode-decode autopkgtest. Thanks to Nadzeya Hutsko from Ubuntu proposed merge request. libavif (1.4.0-2) unstable; urgency=medium . * debian/: Drop mentioning of armel architecture. * debian/rules: Enable tests that do not need googletest for now. libclone-perl (0.49-1) unstable; urgency=medium . * Team upload. * New upstream version 0.49. libconfig-model-systemd-perl (0.260.1-1) unstable; urgency=medium . * new upstream version for systemd 260 * control: declare compliance with Debian policy 4.7.3 * copyright: update with cme * watch: use version 5 template * README.source.org: add --refresh option to quilt push libpam-mount (2.22-3) unstable; urgency=medium . * Move pmt-ehd and pmvarrun to bin/ (Closes: #1034339) * Drop optional priority * Bump policy version (no changes) libsixel (1:1.8.7-3) unstable; urgency=medium . * debian/control: add pkg-conf in build-deps, closes: #1131203 libsixel (1:1.8.7-2) unstable; urgency=medium . * debian/control: fix build-deps from meson to autotools-dev, closes: #1130938 libsixel (1:1.8.7-1) unstable; urgency=medium . * Back to satoshia/libsixel * Back to autotools * The past repository had archived * New upstream release, security fixes libssh (0.12.0-3) unstable; urgency=medium . * Set DOXYGEN_AWESOME_CSS_DIR build flag to actually use doxygen-awesome-css package. Without it, the build system doesn't see the new build dependency. (Closes: #1130941) libssh (0.12.0-2) unstable; urgency=medium . * Add missing doxygen-awesome-css build dep. This avoids trying to download the extension from the Internet during build. Thanks to Santiago Vila for reporting and Sven Müller for figuring out the patch! (Closes: #1130941) * libssh-dev: Add missing krb5-multidev dependency. Version 0.12 introduced this requirement. Thanks to Simon McVittie! (Closes: #1130972) * autopkgtest: Port mock-sshd.c to current callback based API. Remove usage of the deprecated ssh_message_auth_pubkey() etc. API. * autopktest: Test multi-step authentication. Our mock ssh server already supports multi-step ("2FA") authentication. Expand the test to actually exercise that. Add an askpass script that reacts to the various prompts. libssh (0.12.0-1) unstable; urgency=medium . * New upstream security/feature release: - CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() - CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files - CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input - CVE-2026-0967: Specially crafted patterns could cause DoS - CVE-2026-0968: OOB Read in sftp_parse_longname() - CVE-2026-3731: Read buffer overrun when handling SFTP extensions - Note: CVE-2025-14821 is Windows specific, does not apply to Linux (Closes: #1127693) * Enable new FIDO/U2F support. Build-depend on libfido2-dev. * Drop "Priority: optional" field. Debian Policy 4.7.3 made this obsolete. Bump Standards-Version accordingly. libtimedate-perl (2.3500-1) unstable; urgency=medium . * Team upload. . [ Samuel Young ] * New upstream version 2.3500. * Add SECURITY.md to docs. * Update upstream metadata. . [ gregor herrmann ] * autopkgtests: drop debian/tests/pkg-perl/use-name. Not needed anymore. * autopkgtest: add patch to help new test find the module when run under autopkgtest. mia (2.4.7-18) unstable; urgency=medium . [ Santiago Vila ] * Team upload. * [3dc3735] Build with boost 1.90. Closes: #1127235. . [ Andreas Tille ] * [3d9f809] Update changelog * [8a38cac] Additional fix for boost 1.90. openexr (3.4.6+ds-4) unstable; urgency=medium . * Team upload * Move to unstable openexr (3.4.6+ds-3) experimental; urgency=medium . * Team upload * Add missing dev dependencies (Closes: #1130588) * Rename according to soname (Closes: #1130643) openexr (3.4.6+ds-2) unstable; urgency=medium . * Team upload * Fix configuration for arch=all * Ignore test results on failing release archs openexr (3.4.6+ds-1) unstable; urgency=medium . * Team upload * Repack eliminating external dir * New upstream version 3.4.6 (Closes: #1110261, #1120700, #1123963, #1130041) addresses CVE-2025-48074, CVE-2025-64181, CVE-2025-12495, CVE-2025-12839, CVE-2025-128340, CVE-2026-27622 * Add new Depends * Drop html docs * Enable tests partman-partitioning (161) unstable; urgency=medium . * Team upload . [ Pascal Hambourg ] * Set individual flags with SET_FLAG instead of SET_FLAGS. Simpler (no need to call GET_FLAGS) and more reliable (implicitly removes conflicting flags). See #1093565. * Update partman-base minimum version for SET_FLAG command. . [ Updated translations ] * German (de.po) by Holger Wansing * Finnish (fi.po) by Jiri Grönroos * Kazakh (kk.po) by Baurzhan Muftakhidinov * Korean (ko.po) by Changwoo Ryu * Lao (lo.po) by BoneNI * Punjabi (Gurmukhi) (pa.po) by Aman Alam * Portuguese (pt.po) by Miguel Figueiredo pfstools (2.2.0-12) unstable; urgency=medium . * Team Upload * Apply Multi-Arch: hint * Rewrite d/watch in v5 format pfstools (2.2.0-11) unstable; urgency=medium . * Team Upload * Trim dpatch boilerplate * Apply Multi-Arch: hint * Drop "Rules-Requires-Root: no": it is the default now * Bump Standards-Version to 4.7.3, drop Priority: tag . [ Andreas Metzler ] * run wrap-and-sort -ast * mark patch as forwarded podman (5.8.1+ds1-2) unstable; urgency=medium . * Upload to unstable . podman (5.8.1+ds1-1) experimental; urgency=medium . * New upstream version * Fixed a critical in the BoltDB to SQLite migration code cf. https://github.com/containers/podman/issues/28216 . podman (5.8.0+ds1-1) experimental; urgency=medium . * New Upstream version, Closes: #1129222 * Add debian/NEWS entry about automatic boltdb migration * Refresh patches, build against docker 28, buildah 1.43 * Tighten build dependencies * expand build conflicts * Avoid building against opencontainers-cgroups in experimental * NEWS: Fix version * Bump Standards version podman (5.8.1+ds1-1) experimental; urgency=medium . * New upstream version * Fixed a critical in the BoltDB to SQLite migration code cf. https://github.com/containers/podman/issues/28216 podman (5.8.0+ds1-1) experimental; urgency=medium . * New Upstream version, Closes: #1129222 * Add debian/NEWS entry about automatic boltdb migration * Refresh patches, build against docker 28, buildah 1.43 * Tighten build dependencies * expand build conflicts * Avoid building against opencontainers-cgroups in experimental * NEWS: Fix version * Bump Standards version prometheus (2.53.5+ds1-4) unstable; urgency=medium . [ Nicolas Peugnet ] * Team upload. * Update deprecated type to fix build with Moby v28, Closes: #1131820 . [ Reinhard Tartler ] * Build against docker 28 python-electrum-ecc (0.0.7+ds-2) unstable; urgency=medium . * Bump libsecp256k1 build dependency to >= 0.7.1. r-cran-clubsandwich (0.6.2-1) unstable; urgency=medium . * Team upload. * New upstream version * Standards-Version: 4.7.3 (routine-update) * Reorder sequence of d/control fields by cme (routine-update) * Remove Priority field to comply with Debian Policy 4.7.3 (routine- update) r-cran-clubsandwich (0.6.1-1) unstable; urgency=medium . * Team upload. * New upstream version * Standards-Version: 4.7.2 (routine-update) * Restrict to 64-bits architectures (routine-update) * Restrict to little-endian architectures (routine-update) rjava (1.0-16-1) unstable; urgency=medium . * New upstream release . * debian/control: Set Build-Depends: to current R version svt-av1 (4.1.0+dfsg-1) unstable; urgency=medium . * New upstream version 4.1.0+dfsg svt-av1 (4.0.1+dfsg-1) experimental; urgency=medium . * New upstream version 4.0.1+dfsg (LP: #2140560) * SONAME bump: libsvtav1enc3 -> libsvtav1enc4 * debian/control: Remove old Breaks+Replaces * debian/copyright: Update for new upstream release * debian/rules: Use /usr/share/dpkg/architecture.m for DEB_HOST_ARCH swayimg (5.1-1) unstable; urgency=medium . * New upstream release swayimg (5.0-1) unstable; urgency=medium . * New upstream release * debian/control: + Replace build dependency libexif with libexiv2 + Add build dependency libluajit-5.1-dev * debian/rules + Pass option to configure to not install LICENCE file vcmi (1.7.3+dfsg-1) unstable; urgency=medium . * New upstream release. vips (8.18.1-1) unstable; urgency=medium . * New upstream release. REMOVED: lxqt-panel 2.2.2-1 REMOVED: lxqt-metapackages 33.2