Hi,

I have now rolled back the commits in
https://salsa.debian.org/debian/xz-utils/-/tree/debian/13-trixie that
were prepared by package maintainers in
https://salsa.debian.org/debian/xz-utils/-/merge_requests/6 and also
included a second security fix and the performance regression fix as
release team decided they want to maintain this package themselves
applying only the same minimal fixes that can be copied form Ubuntu
uploads.

On Mon, 13 Jul 2026 at 11:04, Jonathan Wiltshire <[email protected]> wrote:
>
> Control: tag -1 wontfix
>
> Hi,
>
> On Sat, Jun 27, 2026 at 02:00:04PM +0300, Otto Kekäläinen wrote:
> > Changelog:
> >
> > xz-utils (5.8.3-0+deb13u1) trixie; urgency=medium
> >
> >   * Import 5.8.3
> >     - Includes security fix for CVE-2026-34743, for which upstream states 
> > it’s
> >       likely that this bug cannot be triggered in any real-world 
> > application,
> >       see https://tukaani.org/xz/index-append-overflow.html (Closes: 
> > #1132497)
> >     - Soname updated from liblzma.so.5.8.1 -> liblzma.so.5.8.3 as in all new
> >       versions, but ABI remains compatible with the 5.8 series
> >     - New man pages in Arabic and Swedish
> >     - Documentation of liblzma had several JS scripts and images removed, 
> > and
> >       images replaced with new versions
> >   * Add myself as uploader and prepare gbp.conf and salsa-ci.yml for easier
> >     maintenance of this package in Trixie (and later potentially in LTS)
>
> With the security issue already fixed the rest does not seem to reach the
> criteria for a stable update; closing.
>
> Thanks,
>
> --
> Jonathan Wiltshire                                      [email protected]
> Debian Developer                         http://people.debian.org/~jmw
>
> 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
> ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
>

Reply via email to