Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected], 
[email protected], Debian Security Team <[email protected]>
Control: affects -1 + src:debian-security-support
User: [email protected]
Usertags: pu

[ Reason ]
debian-security-support needs to be updated in bookworm to let users
know about the changes in the security support. The proposed upload
sync's with the changes already applied in debian unstable.

[ Impact ]
Less visibility about packages not supported or with limited support.

[ Tests ]
- The package has a test suite run at build time.
- https://debusine.debian.net/debian/developers/work-request/902429/
  (while autopkgtest fails by the autodep8-perl-build-deps test, QA
  tracking doesn't report any regression).

[ Risks ]
Low risk. The changes are trivial.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
- Changes in security-support-ended.deb12 relate to packages no longer
  supported in bookworm.
- Changes in security-support-limited document a couple of packages
  whose support is limited.

[ Other info ]
N/A

Thanks!
diff -Nru debian-security-support-12+2026.01.04/debian/changelog 
debian-security-support-12+2026.06.30/debian/changelog
--- debian-security-support-12+2026.01.04/debian/changelog      2026-01-04 
09:20:51.000000000 -0300
+++ debian-security-support-12+2026.06.30/debian/changelog      2026-06-30 
08:47:06.000000000 -0300
@@ -1,3 +1,16 @@
+debian-security-support (1:12+2026.06.30) bookworm; urgency=medium
+
+  * Add myself to Uploaders
+  * Mark suricata as non-supported in bookworm. Thanks to Andreas Dolp
+    (Closes: #1134367)
+  * Set qt6-webengine as limited support. Thanks to Jeremy Bícha.
+  * Mark webkit2gtk in bookworm with limited support. Thanks to Emilio
+    Pozuelo. (Closes: #1135152)
+  * Mark some packages as non supported in bookworm LTS. Thanks to the
+    Security Team. (Closes: #1138294)
+
+ -- Santiago Ruano Rincón <[email protected]>  Tue, 30 Jun 2026 08:47:06 
-0300
+
 debian-security-support (1:12+2026.01.04) bookworm; urgency=medium
 
   [ Holger Levsen ]
diff -Nru debian-security-support-12+2026.01.04/debian/control 
debian-security-support-12+2026.06.30/debian/control
--- debian-security-support-12+2026.01.04/debian/control        2026-01-04 
09:20:28.000000000 -0300
+++ debian-security-support-12+2026.06.30/debian/control        2026-06-30 
08:14:28.000000000 -0300
@@ -4,6 +4,7 @@
 Maintainer: Debian Security Team <[email protected]>
 Uploaders: Holger Levsen <[email protected]>,
            Utkarsh Gupta <[email protected]>,
+           Santiago Ruano Rincón <[email protected]>,
 Build-Depends: debhelper-compat (= 13),
     asciidoc,
     gettext,
diff -Nru debian-security-support-12+2026.01.04/security-support-ended.deb12 
debian-security-support-12+2026.06.30/security-support-ended.deb12
--- debian-security-support-12+2026.01.04/security-support-ended.deb12  
2026-01-04 09:20:28.000000000 -0300
+++ debian-security-support-12+2026.06.30/security-support-ended.deb12  
2026-06-30 08:38:43.000000000 -0300
@@ -18,3 +18,11 @@
 dnsdist         1.7.3-2                 2025-10-01      No security support 
upstream and backports not feasible, only for use on private and trusted network
 pdns            4.7.3-2                 2025-10-01      No security support 
upstream and backports not feasible, only for use on private and trusted network
 pdns-recursor   4.8.8-1+deb12u1         2025-10-01      No security support 
upstream and backports not feasible, only for use on private and trusted network
+suricata        1:6.0.10-1              2026-04-30      Upstream security 
support ended in Aug 2024 and backporting fixes is now unfeasible. See: 
https://bugs.debian.org/1134367
+lxd             5.0.2-5+deb12u6         2026-06-12      Security fixes for 
open vulnerabilities are too complex to be backported; see: 
https://bugs.debian.org/1138294
+mbedtls         2.16.9-0.1+deb11u4      2026-06-12      Crypto library 
difficult to support in the long term; see: https://bugs.debian.org/1138294
+mimetex         1.76-2                  2026-06-12      Upstream project no 
longer exists; see: https://bugs.debian.org/1138294
+opennds         9.10.0-1                2026-06-12      Security fixes for 
open vulnerabilities are too complex to be backported; see: 
https://bugs.debian.org/1138294
+ruby-saml       1.13.0-1+deb12u1        2026-06-12      Old gitlab dependency; 
no reverse dependencies remain in bookworm; see: https://bugs.debian.org/1138294
+smb4k           3.1.7-1                 2026-06-12      Security fixes for 
open vulnerabilities are too complex to be backported; see: 
https://bugs.debian.org/1136949, https://bugs.debian.org/1138294
+wolfssl         5.5.4-2+deb12u2         2026-06-12      Crypto library 
difficult to support in the longterm; see: https://bugs.debian.org/1138294
diff -Nru debian-security-support-12+2026.01.04/security-support-limited 
debian-security-support-12+2026.06.30/security-support-limited
--- debian-security-support-12+2026.01.04/security-support-limited      
2026-01-04 09:20:51.000000000 -0300
+++ debian-security-support-12+2026.06.30/security-support-limited      
2026-06-30 08:35:19.000000000 -0300
@@ -26,6 +26,7 @@
 musescore2      Only supported with trusted files, see README.Debian shipped 
in package and #1070860
 musescore3      Only supported with trusted files, see README.Debian shipped 
in package and #1070860
 ocsinventory-server Only supported behind an authenticated HTTP zone
+qt6-webengine   No security support upstream and backports not feasible, only 
for use on trusted content
 qtwebengine-opensource-src No security support upstream and backports not 
feasible, only for use on trusted content
 qtwebkit        No security support upstream and backports not feasible, only 
for use on trusted content
 qtwebkit-opensource-src No security support upstream and backports not 
feasible, only for use on trusted content
@@ -33,5 +34,6 @@
 sql-ledger      Only supported behind an authenticated HTTP zone
 tiles           Only supported for building packages, #1057343
 vte             Not covered by security support, only used by 
debian-installer, #1082885
+webkit2gtk      Can no longer be backported to bookworm; see 
https://lists.debian.org/debian-security-announce/2026/msg00142.html; only for 
use on trusted content
 zabbix          The WEB UI is only supported for access by trusted users, no 
security updates issued for it, #1124558
 zoneminder      See README.Debian.security, only supported behind an 
authenticated HTTP zone, #922724

Attachment: signature.asc
Description: PGP signature

Reply via email to