There are 13 open security issues in buster.
commit 353261089a61c516cf1b1c563c321365877e1137 Merge: 5685596 9d92c4e Author: Ben Hutchings <benh@debian.org> Date: Mon Oct 20 23:00:56 2025 +0200 Merge branch 'avoid-broken-links' into 'debian/latest' Fix another broken symlink and avoid creating more of them See merge request kernel-team/firmware-nonfree!133 commit 9d92c4ee121801497e37268ffdb023209ab8a078 Author: Ben Hutchings <benh@debian.org> Date: Mon Oct 20 22:13:20 2025 +0200 intel-misc: Include Lenovo ThinkPad X1 2-in-1 Gen 10 ISH firmware Add the ISH firmware for a Lenovo ThinkPad model. This is under LENOVO/ish because it has a different licence, but there is a symlink to it under intel/ish that we already include. This broken symlink was caught by the check added in the previous commit. Also documented this file in debian/copyright. commit 53b61f2bb7506c6e1d83949615885dd40c4f036c Author: Ben Hutchings <benh@debian.org> Date: Mon Oct 20 21:48:23 2025 +0200 d/rules: Check for broken symlinks among installed firmware Now that we only deduplicate files within each binary package, that should not create any broken symlinks. But symlinks can also be explicitly defined by WHENCE, so we could still include such a symlink and not the file to points to. Add a check for broken symlinks after running dh_install and deduplicating. For now, this excludes the intentional cross-package symlinks from firmware-qcom-soc to firmware-atheros. commit 6e628aeadca2153e56e895687bef583929278a7a Author: Ben Hutchings <benh@debian.org> Date: Mon Oct 20 21:21:53 2025 +0200 d/rules: Only deduplicate files that are packaged Bug #1118195 was caused by dedupe-firmware.sh symlinking a file that we included in a binary package to an identical file that we didn't yet include. In general we would want to include both the identical files in the same package, but we don't currently have a way to make that happen automatically. To avoid similar bugs in future, switch to running dedupe-firmware.sh on each package installation directory, not on debian/build/install. Also stop running dedupe-firmware.sh in the debian/control-real recipe, and update the comment there. commit 5685596f2ddd9c4e6e1e694c017226a87f832528 Merge: b2c16d3 3c2cdcf Author: Ben Hutchings <benh@debian.org> Date: Mon Oct 20 20:55:08 2025 +0200 Merge branch 'fix-arm-mali-firmware' into 'debian/latest' misc-nonfree: Include all Arm Mali firmware See merge request kernel-team/firmware-nonfree!132 commit 3c2cdcf46c592fbbc1860c0619cf179b4ffd7626 Author: Diederik de Haas <didi.debian@cknow.org> Date: Thu Oct 16 13:22:20 2025 +0200 misc-nonfree: Include all Arm Mali firmware Various new Arm Mali firmware files were added in upstream commit 930ef9046e38 ("panthor: Add firmware for more Mali GPUs") Therefore extend the defines pattern to include them all. Also extend the copyright pattern in a similar vein as the new files are licensed under the same license terms as the existing file. Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
Among the 4 debian patches available in version 20250917-1 of the package, we noticed the following issues:
There are 13 open security issues in bookworm.