Your message dated Sat, 14 Mar 2026 11:48:35 +0000
with message-id <[email protected]>
and subject line Released with 13.4
has caused the Debian Bug report #1126260,
regarding trixie-pu: package jaraco.context/6.0.1-1+deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1126260: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126260
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected], 
[email protected]
Control: affects -1 + src:jaraco.context
User: [email protected]
Usertags: pu

This update fixes the (non-dsa) path traversal vulnerability tracked
as CVE-2026-23949. The vulnerability may allow attackers to extract
files outside the intended extraction directory when malicious tar
archives are processed.

The only code change is a minimal backport of the upstream fix [2].
The patch is identical to the one used to fix the issue in unstable
and low risk.

All CI checks pass on trixie [3]. In addition, the update has been
manually checked against new upstream testcases specifically testing
for the security issue.


[1] https://security-tracker.debian.org/tracker/CVE-2026-23949
[2] https://github.com/jaraco/jaraco.context/commit/7b26a42b525735e4085d2e994e13802ea339d5f9
[3] https://salsa.debian.org/jcfp/jaraco.context/-/pipelines/1011444

Attachment: jaraco.context_6.0.1-1+deb13u1_source.debdiff
Description: Binary data

Attachment: pgpcw5tuDx1EY.pgp
Description: OpenPGP digital signature


--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.4

This update has been released as part of Debian 13.4.

--- End Message ---
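
The class of issue described in the update request (tar members that resolve outside the extraction directory) can be checked for before extraction. The following is an added example, not part of the thread and not the upstream jaraco.context patch; the function names, the sample archive and the destination path are assumptions constructed for illustration, and POSIX paths are assumed.

```python
import io
import os
import tarfile


def escapes(root, path):
    """True if path resolves to a location outside root."""
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def unsafe_members(archive_bytes, dest):
    """Names of members that would be written, or would link, outside dest."""
    root = os.path.realpath(dest)
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for m in tar.getmembers():
            target = os.path.join(root, m.name)  # absolute names replace root
            bad = escapes(root, target)
            if not bad and m.issym():
                # Symlink targets are relative to the link's own directory.
                bad = escapes(root, os.path.join(os.path.dirname(target), m.linkname))
            elif not bad and m.islnk():
                # Hard-link targets are relative to the archive root.
                bad = escapes(root, os.path.join(root, m.linkname))
            if bad:
                flagged.append(m.name)
    return flagged


def build_sample():
    """Constructed test archive: one ordinary member and three unsafe ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("pkg-1.0/README", "pkg-1.0/../../escape.txt", "/tmp/abs.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("pkg-1.0/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    print(unsafe_members(build_sample(), "/srv/unpack"))
```

An archive for which `unsafe_members` returns a non-empty list should be rejected rather than partially extracted.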