Hi, I have now rolled back the commits in https://salsa.debian.org/debian/xz-utils/-/tree/debian/13-trixie that were prepared by package maintainers in https://salsa.debian.org/debian/xz-utils/-/merge_requests/6 and also included a second security fix and the performance regression fix as release team decided they want to maintain this package themselves applying only the same minimal fixes that can be copied form Ubuntu uploads.
On Mon, 13 Jul 2026 at 11:04, Jonathan Wiltshire <[email protected]> wrote: > > Control: tag -1 wontfix > > Hi, > > On Sat, Jun 27, 2026 at 02:00:04PM +0300, Otto Kekäläinen wrote: > > Changelog: > > > > xz-utils (5.8.3-0+deb13u1) trixie; urgency=medium > > > > * Import 5.8.3 > > - Includes security fix for CVE-2026-34743, for which upstream states > > it’s > > likely that this bug cannot be triggered in any real-world > > application, > > see https://tukaani.org/xz/index-append-overflow.html (Closes: > > #1132497) > > - Soname updated from liblzma.so.5.8.1 -> liblzma.so.5.8.3 as in all new > > versions, but ABI remains compatible with the 5.8 series > > - New man pages in Arabic and Swedish > > - Documentation of liblzma had several JS scripts and images removed, > > and > > images replaced with new versions > > * Add myself as uploader and prepare gbp.conf and salsa-ci.yml for easier > > maintenance of this package in Trixie (and later potentially in LTS) > > With the security issue already fixed the rest does not seem to reach the > criteria for a stable update; closing. > > Thanks, > > -- > Jonathan Wiltshire [email protected] > Debian Developer http://people.debian.org/~jmw > > 4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51 > ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1 >

