Version 8941+dfsg-1 of llama.cpp is marked for autoremoval from testing on Wed 03 Jun 2026. It depends (transitively) on golang-github-containers-common, starlette, affected by #1133240, #1134850. You should try to prevent the removal by fixing these RC bugs.
CVE-2026-2069:
A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 18993. To fix this issue, it is recommended to deploy a patch.
CVE-2026-2069:
A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 18993. To fix this issue, it is recommended to deploy a patch.
Lintian reports
8 warnings
about this package. You should make the package lintian clean getting rid of them.
testing migrations
This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it.
You can probably find supplementary information in the
debian-release
archives or in the corresponding
release.debian.org
bug.
Migration status for llama.cpp (8941+dfsg-1 to 9009+dfsg-1): Waiting for test results or another package, or too young (no action required now - check later)
![[bug history graph]](https://qa.debian.org/data/bts/graphs/l/llama.cpp.png){kind=link}