There are 2 open security issues in trixie.
2 issues left for the package maintainer to handle:
- CVE-2026-30892:
(needs triaging)
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected. Version 1.27 patches the issue.
- CVE-2026-47766:
(needs triaging)
You can find information about how to handle these issues in the security team's documentation.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/c/crun.png){kind=link}