There are 260 open security issues in trixie.
There are 102 open security issues in sid.
There are 1254 open security issues in bullseye.
There are 473 open security issues in bookworm.
You can find information about how to handle these issues in the security team's documentation.
There are 636 open security issues in buster.
commit 0b230216be7c53ebd6ab510ed987d6d6cb4aecd2 Merge: 6cac48381 ff88b7b8f Author: Salvatore Bonaccorso <carnil@debian.org> Date: Sat May 3 13:18:48 2025 +0000 Merge branch 'enable-uclamp-task' into 'debian/latest' init: Enable UCLAMP_TASK and UCLAMP_TASK_GROUP (Utilization clamping) See merge request kernel-team/linux!1492 commit ff88b7b8fb87fe2618926cf69f5ca066428b3456 Author: Salvatore Bonaccorso <carnil@debian.org> Date: Fri May 2 23:34:24 2025 +0200 init: Enable UCLAMP_TASK and UCLAMP_TASK_GROUP (Utilization clamping) Closes: #1036666 commit 6cac483810c5ea4504755f027b7ea3abc8761a76 Merge: 2e158f264 3cdb20cf9 Author: Ben Hutchings <benh@debian.org> Date: Fri May 2 22:42:30 2025 +0200 Merge branch 'enable-ipv6-rpl-lwtunnel' into debian/latest net/ipv6: Enable IPV6_RPL_LWTUNNEL See merge request kernel-team/linux!1488 commit 2e158f26477b56ff16f44476f2bf418e9c13fcfa Merge: 1cc75b331 fb9e9b441 Author: Ben Hutchings <benh@debian.org> Date: Fri May 2 22:32:25 2025 +0200 Merge branch 'lintian-fixes' into debian/latest Fix various lintian errors and warnings See merge request kernel-team/linux!1466 commit 1cc75b331a54f108f3d724f6a1f32ab4d96083d3 Merge: dfcae3513 4d26a01f3 Author: Ben Hutchings <benh@debian.org> Date: Fri May 2 22:24:47 2025 +0200 Merge branch 'udeb-mtk-cmdq-mailbox' into debian/latest [arm64] udeb: Add mtk-cmdq-mailbox to kernel-image See merge request kernel-team/linux!1471 commit 3cdb20cf91dae7d41cbabd66bc84b17577285994 Author: Salvatore Bonaccorso <carnil@debian.org> Date: Fri May 2 17:50:44 2025 +0200 net/ipv6: Enable IPV6_RPL_LWTUNNEL Closes: #1027861 commit fb9e9b44141a5e091c2d03a718945842583bd203 Author: Ben Hutchings <benh@debian.org> Date: Sun Apr 20 16:08:09 2025 +0200 linux-doc: Use dh_sphinxdoc to replace embedded Javascript Sphinx copies some static Javascript into the output directory, which is against Debian policy. We also don't have a Built-Using reference to the Sphinx packages. Use dh_sphinxdoc to replace the copies with symlinks, and add the required Depends and Built-Using fields to the linux-doc control template. Fixes lintian warnings: W: linux-doc-6.13: embedded-javascript-library please use sphinx [usr/share/doc/linux-doc-6.13/html/_static/doctools.js] W: linux-doc-6.13: embedded-javascript-library please use sphinx [usr/share/doc/linux-doc-6.13/html/_static/language_data.js] W: linux-doc-6.13: embedded-javascript-library please use sphinx [usr/share/doc/linux-doc-6.13/html/_static/searchtools.js] commit bcb3760467ba20c3bd76a171b8469448a3ec9405 Author: Ben Hutchings <benh@debian.org> Date: Sat Apr 19 03:57:50 2025 +0200 d/rules.real: Exclude vDSOs from processing by dh_makeshlibs On architectures where we install vDSOs in linux-image-dbg packages, dh_makeshlibs is wrongly detecting these as shared libraries that should trigger an ldconfig run. Exclude them by adding the option -Xvdso. Fixes lintian warnings like: W: linux-image-6.13-amd64-dbg: package-has-unnecessary-activation-of-ldconfig-trigger commit 3c5b464d53c22874275f17a95ecbfdf40dfbc66b Author: Ben Hutchings <benh@debian.org> Date: Sat Apr 19 03:14:35 2025 +0200 d/copyright: Replace old FSF addresses with current GNU license URL We still refer to a snail mail address in the GPL-2 paragraph to get a copy of the full license. Replace this with the current GNU licenses URL. In the LGPL-2.1 paragraph we already made this change but using the insecure http URL scheme. Change it to https. Fixes lintian warnings like: W: bpftool: old-fsf-address-in-copyright-file commit 693916b11cdf7ae84ba52f320ba333ca01bcdb2a Author: Ben Hutchings <benh@debian.org> Date: Sat Apr 19 00:57:01 2025 +0200 [amd64] linux-image-cloud-amd64-dbg: lintian: Drop overrides for vdsox32.so CONFIG_X86_X32_ABI is not enabled in the cloud-amd64 flavour so we don't build vdsox32.so. Change the condition for the lintian overrides on vdsox32.ko to exclude this flavour. commit 68848a0cb4d4fba8d342d86e7a027d9216278084 Author: Ben Hutchings <benh@debian.org> Date: Fri Apr 18 23:31:50 2025 +0200 linux-image-dbg: lintian: Drop mismatched override for ... ... wrong-section-according-to-package-name. This was downgraded from warning to informational in lintian 2.5.69, and at some point the context generated for it changed format so our override doesn't match, producing warnings. I don't think it's worth overriding informational tags, so just remove the overide. commit 608d24d6c2272422abed70dafc027dfc5d6f5447 Author: Ben Hutchings <benh@debian.org> Date: Fri Apr 18 23:21:31 2025 +0200 linux-source: Suggest pkgconf, not the obsolete pkg-config Fixes lintian warning: W: linux-source-6.13 depends-on-obsolete-package Suggests: pkg-config => pkgconf commit beda9cda045179ffa7a3d8aee967fdc613982318 Author: Ben Hutchings <benh@debian.org> Date: Fri Apr 18 23:12:31 2025 +0200 [ppc64*] linux-image: Fix version in NEWS entry There was no version 6.10-1~exp2, as specified in the NEWS entry for these architectures. The changes documented here were released in version 6.10.1-1~exp1, so specify that version instead. Fixes lintian warnings like: W: linux-image-6.13-powerpc64le: debian-news-entry-has-unknown-version 6.10-1~exp2 [usr/share/doc/linux-image-6.13-powerpc64le/NEWS.Debian.gz:1] commit 107adf8c1a47c2dc8078821c0adaa27cd8f5edbd Author: Ben Hutchings <benh@debian.org> Date: Fri Apr 18 23:07:53 2025 +0200 [arm64] linux-perf: Override statically-linked-binary for asm_pure_loop This is a test program that does not link any libraries, either statically or dynamically. commit 44ac5fa729678beba9ccb6e3f44b7a0bb6cee4c3 Author: Ben Hutchings <benh@debian.org> Date: Fri Apr 18 23:06:14 2025 +0200 [riscv64] linux-image-dbg: lintian: Override shared-library-lacks-stack-section ... for vdso.so, the same as we do for several other architectures. commit 4f8ecdbb2d8b06f5b8458d95666c270c9553e7aa Author: Ben Hutchings <benh@debian.org> Date: Fri Apr 18 23:05:20 2025 +0200 linux-headers: lintian: Override another error and warning for vmlinux This 'executable' file intentionally contains only BTF sections. Override the shared-library-lacks-prerequisites warning and unstripped-binary-or-object error, and add a comment about why this file is special. commit 4d26a01f33f3d10cc37a0ada673e2c97b2394acc Author: Alper Nebi Yasak <alpernebiyasak@gmail.com> Date: Wed Apr 23 10:46:36 2025 +0300 [arm64] udeb: Add mtk-cmdq-mailbox to kernel-image The mtk-cmdq-helper driver included in the kernel-image udeb as an SoC driver used to explicitly depend on mtk-cmdq-mailbox which means the latter was also included in kernel-image. This dependency is somehow missing in v6.14, so the latter module ends up being dropped from the udeb. However, missing this module either breaks or at least degrades display initialization, so there is an implicit dependency. Since the mtk-cmdq-mailbox module is already in kernel-image on v6.12 builds, explicitly list it in that module list to fix display on the installer. Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
Among the 77 debian patches available in version 6.12.25-1 of the package, we noticed the following issues: