There are 294 open security issues in trixie.
There are 24 open security issues in sid.
There are 24 open security issues in forky.
There are 1741 open security issues in bullseye.
There are 1073 open security issues in bookworm.
You can find information about how to handle these issues in the security team's documentation.
There are 636 open security issues in buster.
commit 3cc44ee2d4083595e51f5e466bc7889cc04c418a
Merge: 0e5232303 5ec87da97
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed Jun 17 23:40:52 2026 +0200
Merge branch 'feature/enable-oxp-ec' into 'debian/latest'
[amd64] Enable CONFIG_OXP_EC as module
See merge request kernel-team/linux!1971
commit 5ec87da97ff218d8bec0f2e405c2c85e00e82a22
Author: Danny Trunk <dtrunk90@gmail.com>
Date: Mon Jun 8 16:41:17 2026 +0200
[amd64] drivers/platform/x86: Enable OXP_EC as module
Provides the oxpec platform driver for OneXPlayer and AOKZOE handheld devices.
This driver has been available in mainline linux since 6.16.
Closes https://bugs.debian.org/1138985
commit 0e5232303b596141d3db652f7a234e1179f81601
Merge: 410cb065e 06e809a07
Author: Uwe Kleine-König <ukleinek@debian.org>
Date: Wed Jun 17 21:58:15 2026 +0200
Merge branch 'enable-arm64-mpam' of salsa.debian.org:ema/linux
[arm64] enable CONFIG_ARM64_MPAM
See merge request kernel-team/linux!1974
commit 410cb065efb6fe3b59e0a3ed0807b3ea2fdf56b2
Merge: 27d8a9bc5 68e50da52
Author: Uwe Kleine-König <ukleinek@debian.org>
Date: Wed Jun 17 21:51:21 2026 +0200
Merge branch 'sandbox/baolizha/enable-ptl-features' of salsa.debian.org:Baoli/baoli-linux
[amd64] Enable PPS_GENERATOR_TIO signal generator as module
[amd64] Enable MIPI I3C HCI drivers as module
[amd64] Enable VIDEO_LT6911UXE HDMI to MIPI bridge as module
[amd64] Enable EDAC_IMH driver as module
Fixed the order of kconfig symbols in debian/config/amd64/config
See merge request kernel-team/linux!1983
commit 27d8a9bc57f1d542c20f5a2da16a4a7760391030
Merge: 43e56dca2 007bfdb0d
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed Jun 17 21:46:29 2026 +0200
Merge branch 'enable-netfilter-netlink-hook' into 'debian/latest'
net/netfilter: Enable NETFILTER_NETLINK_HOOK as module
See merge request kernel-team/linux!1976
commit 007bfdb0d3b113df15472640a00e006fd3926cbb
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri Jun 12 06:09:24 2026 +0200
net/netfilter: Enable NETFILTER_NETLINK_HOOK as module
Closes: #1139686
commit 43e56dca25a0da5986cb066e9f304583bd6e6d8c
Merge: 998b77767 ac9b34859
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue Jun 16 07:54:08 2026 +0200
Merge branch '7.1-updates' into 'debian/latest'
Update to 7.1
See merge request kernel-team/linux!1982
commit 68e50da522e42055315106cfb3d4fec579568505
Author: Baoli Zhang <baoli.zhang@linux.intel.com>
Date: Mon Jun 8 11:06:36 2026 +0800
[amd64] Enable PPS_GENERATOR_TIO signal generator as module
Enable PPS_GENERATOR_TIO driver for Intel TGPIO (Time-aware GPIO) PPS
signal generator. This driver generates precise Pulse Per Second (PPS)
signals at prescribed times based on the system clock using Intel's
TGPIO hardware, time translation, and high-resolution timers.
Intel TGPIO (Time-aware GPIO) is a hardware feature present on 2019
and newer Intel CPUs that provides nanosecond-level precision for PPS
signal generation through specialized GPIO pins with hardware-based
timing control.
This is useful for time synchronization applications requiring precise
external timing signals, such as:
- Network time synchronization (PTP, NTP)
- Test and measurement equipment
- Industrial control systems
- Telecommunications infrastructure
The driver requires specialized external hardware to observe the
generated pulses. Built as a module for on-demand loading on compatible
Intel systems with TGPIO support.
Signed-off-by: Baoli Zhang <baoli.zhang@linux.intel.com>
commit 27bcb7cbba0dd074650a3a18eb9b040305a3d01b
Author: Baoli Zhang <baoli.zhang@linux.intel.com>
Date: Mon Jun 8 11:06:14 2026 +0800
[amd64] Enable MIPI I3C HCI drivers as module
Enable MIPI_I3C_HCI and MIPI_I3C_HCI_PCI drivers for MIPI I3C Host
Controller Interface support. These drivers provide support for I3C
(Improved Inter-Integrated Circuit) bus controllers that implement
the MIPI I3C HCI specification.
I3C is an evolution of I2C with higher speeds, lower power, and
additional features like in-band interrupts. The HCI specification
defines a standard hardware interface for I3C controllers.
Built as modules for on-demand loading on systems with compatible
hardware.
Signed-off-by: Baoli Zhang <baoli.zhang@linux.intel.com>
commit 60169239d4973aca9adf29620a72be72dfe15102
Author: Baoli Zhang <baoli.zhang@linux.intel.com>
Date: Wed Apr 22 10:11:14 2026 +0800
[amd64] Enable VIDEO_LT6911UXE HDMI to MIPI bridge as module
Enable VIDEO_LT6911UXE driver for Lontium LT6911UXE HDMI to MIPI CSI-2
bridge decoder. This bridge chip converts HDMI video input to MIPI CSI-2
output, allowing HDMI capture on Intel IPU-equipped platforms.
The driver is commonly used with Intel IPU6/IPU7 camera subsystems to:
- Capture HDMI video from external sources
- Enable video conferencing setups with HDMI cameras
- Support external video input on Intel platforms
Built as a module to allow on-demand loading on systems with the
LT6911UXE hardware.
Signed-off-by: Baoli Zhang <baoli.zhang@linux.intel.com>
commit 146864e06ccc566ff966445b8173501c748a5e7f
Author: Baoli Zhang <baoli.zhang@linux.intel.com>
Date: Wed Apr 22 10:05:29 2026 +0800
[amd64] Enable EDAC_IMH driver as module
Enable EDAC_IMH for Intel Integrated Memory/IO Hub Memory Controller
error detection and correction support. This driver supports the MC IP
first used on Intel Diamond Rapids servers and future platforms.
The driver requires X86_MCE_INTEL (enabled) and ACPI support, with
optional ACPI_NFIT for non-volatile DIMM support. Built as a module
to allow on-demand loading on systems with compatible hardware.
Signed-off-by: Baoli Zhang <baoli.zhang@linux.intel.com>
commit ac9b34859a7aea8b8e0255cb86762da02bcd1604
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun Jun 14 21:42:35 2026 +0200
Update to 7.1
commit 998b7776778a725b004cadf6b3ed5134db77abb5
Merge: dd87e68e9 9179b9563
Author: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun Jun 14 21:47:59 2026 +0200
Merge branch 'rv64-disable-cfi' into 'debian/latest'
[riscv64] disable RISCV_USER_CFI
See merge request kernel-team/linux!1979
commit 9179b95639ffdfa862900e73567d561f352a5f1f
Author: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat Jun 13 22:47:08 2026 +0200
[riscv64] disable RISCV_USER_CFI
Starting with Linux 7.0, RISCV_USER_CFI is enabled by default. On CPUs
without the Zimop extension, this has no effect. On CPUs with the Zimop
extension, this enables support for shadow stack and landing pad
support.
This also provide a VDSO built with these features. While it is still
usable even from non-CFI enabled binaries (as long as CFI is not enabled
through the prctl interface) this causes some issues with backtraces.
Disable it for now as Debian hasn't enabled CFI support on the userland
side and RVA23 hardware starts to become available.
commit dd87e68e964fc4cec2e0408550198e7153a1758a
Merge: 0aba03629 990d5b0cf
Author: Ben Hutchings <benh@debian.org>
Date: Fri Jun 12 12:38:13 2026 +0200
Merge branch 'fix-vdso-missing' into 'debian/latest'
Fix build failure over missing vdso debug files
See merge request kernel-team/linux!1977
commit 990d5b0cf276403ee62a9af450d32719bdaaa3ed
Author: Bastian Blank <waldi@debian.org>
Date: Fri Jun 12 09:49:12 2026 +0200
Fix build failure over missing vdso debug files
commit 06e809a07437706a6ae370e061749eb23bfc7aef
Author: Emanuele Rocca <ema@debian.org>
Date: Thu Jun 11 09:52:48 2026 +0000
[arm64] enable CONFIG_ARM64_MPAM
Memory Partitioning and Monitoring (MPAM) is an Armv8.4+ feature to isolate
tasks that share memory system resources, such as caches, from each other.
The driver only probes when ACPI MPAM tables are present, so on systems
without firmware support it does nothing.
Among the 80 debian patches available in version 7.0.12-2 of the package, we noticed the following issues:
![[bug history graph]](https://qa.debian.org/data/bts/graphs/l/linux.png){kind=link}