linux-vulnerability-mitigation (20260519.1-1) sid; urgency=medium

  * Merging upstream version 20260519.1:
    - Adding pintheft in linux-vulnerability-mitigation.7 manpage.
    - Updating references to pintheft mitigation as CVE-2026-43494.
    - Correcting spelling of PinTheft.
  * Adding pintheft in package description.
  * Handling pintheft pre-CVE mitigation files.

 -- Daniel Baumann <daniel@debian.org>  Fri, 22 May 2026 07:43:26 +0200

linux-vulnerability-mitigation (20260519-1) sid; urgency=high

  * Merging upstream version 20260519.
    - Correcting return values of help commands.
    - Silencing changing sysctl in ssh-keysign-pwn mitigation in order to not
      fail if the tunable is locked down (i.e. value 3).
    - Adding pintheft mitigation.

 -- Daniel Baumann <daniel@debian.org>  Wed, 20 May 2026 14:11:49 +0200

linux-vulnerability-mitigation (20260515.2-1) sid; urgency=medium

  * Merging upstream version 20260515.2:
    - Add debian specific kernel version containing the fix for CVE-2026-46333 in manpage.
    - Correcting spelling typos in manpage, thanks to Christian T. Steigies <cts@debian.org>.
    - Adding check in mitigation scripts.
    - Adding status in mitigations scripts.
    - Harmonizing all public-domain license identifiers.
    - Adding linux-vulnerability-mitigation cli program.
    - Reworking metadata handling in mitigations.
    - Updating preseeding examples for new two-step dialog.
    - Adding todo file.
  * Capitalizing debconf choices variable for consistency.
  * Tidying Portuguese deboconf po file.
  * Adding to show vulnerability names in debconf instead of CVE number
    only.
  * Updating debconf handling to use cli program.
  * Reworking debconf into two-step dialog.
  * Refreshing debconf files.
  * Updating mitigation provides.
  * Updating package description.
  * Adding bash-completion to suggests.

 -- Daniel Baumann <daniel@debian.org>  Sun, 17 May 2026 22:03:22 +0200

linux-vulnerability-mitigation (20260515.1-1) sid; urgency=high

  * Merging upstream version 20260515.1:
    - Adding vulnerability discovery attribution in ssh-keysign-pwn mitigation.
    - Guarding changing sysctl in ssh-keysign-pwn mitigation in order to not
      fail if the tunable is locked down (i.e. value 3).
    - Updating references to ssh-keysing-pwn mitigation as CVE-2026-46333.
  * Slightly improving readability of maintainerscript output when
    applying mitigations.
  * Sorting changelog.
  * Updating preinst to remove files from previous versions.

 -- Daniel Baumann <daniel@debian.org>  Fri, 15 May 2026 17:15:20 +0200

linux-vulnerability-mitigation (20260515-1) sid; urgency=high

  * Merging upstream version 20260515:
    - Clarifying that the preseed example in manpage is an example.
    - Creating and removing module directories to make mitigations idempotent.
    - Adding (partial) ssh-keysign-pwn mitigation, thanks to Salvatore
      Bonaccorso <carnil@debian.org>.
  * Temporarily omitting CVE filepattern for mitigations in
    maintainerscripts as the ssh-keysign-pwn vulnerability does not yet
    have a CVE number.

 -- Daniel Baumann <daniel@debian.org>  Fri, 15 May 2026 07:30:21 +0200

linux-vulnerability-mitigation (20260513.1-1) experimental; urgency=medium

  * Merging upstream version 20260513.1:
    - Correcting attribution to Fragnesia discoverer in manpage.
    - Adding kernel version information for Fragnesia in manpage.
  * Adding initial Catalan debconf translations from poc senderi
    <pocsenderi@protonmail.com> (Closes: #1136700).

 -- Daniel Baumann <daniel@debian.org>  Fri, 15 May 2026 00:39:19 +0200

linux-vulnerability-mitigation (20260513-1) experimental; urgency=medium

  * Merging upstream version 20260513.
    - Correcting uninstall command for CVE-2026-43500 mitigation.
    - Correcting spelling typo in manpage.
    - Listing fixed kernel versions in manpage.
    - Adding mitigation for Fragnesia [CVE-2026-46300] which is identical to the
      mitigation for Dirty Frag (Part 2) [CVE-2026-43500].
  * Including upstream changelogs in debian changelog.

 -- Daniel Baumann <daniel@debian.org>  Thu, 14 May 2026 08:14:42 +0200

linux-vulnerability-mitigation (20260508.3-3) sid; urgency=medium

  * Removing setting of debconf multiselect to be unseen, this is not
    necessary anymore.

 -- Daniel Baumann <daniel@debian.org>  Tue, 12 May 2026 17:27:49 +0200

linux-vulnerability-mitigation (20260508.3-2) sid; urgency=medium

  * Adding initial Portuguese debconf translations from Américo Monteiro
    <a_monteiro@gmx.com> (Closes: #1136258).
  * Marking multiselect choices as non-translatable in debconf template.
  * Refreshing debconf files.

 -- Daniel Baumann <daniel@debian.org>  Mon, 11 May 2026 09:57:45 +0200

linux-vulnerability-mitigation (20260508.3-1) sid; urgency=medium

  * Merging upstream version 20260508.3:
    - Also silencing unloading xfrm modules.
  * Using codenames instead of suitenames in changelog.

 -- Daniel Baumann <daniel@debian.org>  Sun, 10 May 2026 17:14:37 +0200

linux-vulnerability-mitigation (20260508.2-2) sid; urgency=medium

  * Correcting spelling typo in debconf templates, thanks to Teemu
    Hukkanen <tjhukkan@iki.fi> (Closes: #1136162).
  * Refreshing debconf files.

 -- Daniel Baumann <daniel@debian.org>  Sun, 10 May 2026 10:39:00 +0200

linux-vulnerability-mitigation (20260508.2-1) sid; urgency=high

  * Merging upstream version 20260508.2:
    - Updating CVE-2026-43284 mitigation with Copy Fail 2 specific removal
      of xfrm_user/xfrm_algo modules (it's not entirely clear if Copy Fail
      2 is completely mitigated by only removing esp4/esp6 modules only, so
      let's remove xfrm_user/xfrm_algo too).
    - Wrapping changelog.
  * Correcting spelling typo in package description.

 -- Daniel Baumann <daniel@debian.org>  Fri, 08 May 2026 21:19:53 +0200

linux-vulnerability-mitigation (20260508.1-1) sid; urgency=high

  * Merging upstream version 20260508.1:
    - Updating comments in copy-fail mitigation.
    - Also blacklisting modules in order to catch module aliases.
    - Using CVE number as primary identifier for mitigations.
    - Splitting previous CVE-2026-43284 into CVE-2026-43284 and
      CVE-2026-43500.
    - Adding individual mitigation preseeding example in manpage.
  * Correcting postinst to actually run all mitigations when selecting
    'all' via debconf.
  * Indenting console output of maintainer scripts.
  * Adding prerm to remove files from previous versions.
  * Adding additional CVE numbers in package description.

 -- Daniel Baumann <daniel@debian.org>  Fri, 08 May 2026 16:58:32 +0200

linux-vulnerability-mitigation (20260508-1) sid; urgency=high

  * Merging upstream version 20260508:
    - Correcting spelling typo in manpage.
    - Adding usage notes in manpage.
    - Updating for dirty-frag CVE number.
  * Correcting spelling typo in package description.
  * Harmonizing CVE reference for dirty frag in package description.
  * Displaying 'all' and 'none' options in debconf dialog.
  * Showing a warning if no mitigation has been selected to avoid users
    feeling save on systems with debconf priority higher than 'high'.
  * Updating dirty-frag CVE number in package description.

 -- Daniel Baumann <daniel@debian.org>  Fri, 08 May 2026 14:14:27 +0200

linux-vulnerability-mitigation (20260507-1) sid; urgency=high

  * Initial upload to sid.

 -- Daniel Baumann <daniel@debian.org>  Fri, 08 May 2026 06:57:47 +0200