Your message dated Sat, 10 Jan 2026 11:52:34 +0000
with message-id <[email protected]>
and subject line Released with 13.3
has caused the Debian Bug report #1124620,
regarding trixie-pu: package debian-security-support/1:13+2026.01.04
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1124620: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124620
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: security
X-Debbugs-Cc: [email protected], Debian Security Team
<[email protected]>
Control: affects -1 + src:debian-security-support
User: [email protected]
Usertags: pu
[ Reason ]
To inform the users about the following changes:
debian-security-support (1:13+2026.01.04) trixie; urgency=medium
[ Holger Levsen ]
* deb13: mark wpewebkit as unsupported. Closes: #1118273.
[ Jochen Sprickerhof ]
* deb13+12+11: mark hdf5 as limited supported. Closes: 1117607.
[ Moritz Muehlenhoff ]
* deb13+12: mark zabbix as limited support. Closes: #1124558.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Other info ]
(Anything else the release team should know.)
Thank you for your work on trixie!
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
When you’re used to privilege, equality feels like oppression.
diff -Nru debian-security-support-13+2025.07.16/debian/changelog debian-security-support-13+2026.01.04/debian/changelog
--- debian-security-support-13+2025.07.16/debian/changelog 2025-07-16 14:09:24.000000000 +0200
+++ debian-security-support-13+2026.01.04/debian/changelog 2026-01-04 13:09:01.000000000 +0100
@@ -1,3 +1,16 @@
+debian-security-support (1:13+2026.01.04) trixie; urgency=medium
+
+ [ Holger Levsen ]
+ * deb13: mark wpewebkit as unsupported. Closes: #1118273.
+
+ [ Jochen Sprickerhof ]
+ * deb13+12+11: mark hdf5 as limited supported. Closes: 1117607.
+
+ [ Moritz Muehlenhoff ]
+ * deb13+12: mark zabbix as limited support. Closes: #1124558.
+
+ -- Holger Levsen <[email protected]> Sun, 04 Jan 2026 13:09:01 +0100
+
debian-security-support (1:13+2025.07.16) unstable; urgency=medium
[ Santiago Ruano Rincón ]
diff -Nru debian-security-support-13+2025.07.16/security-support.deb11 debian-security-support-13+2026.01.04/security-support.deb11
--- debian-security-support-13+2025.07.16/security-support.deb11 2025-07-12 12:36:57.000000000 +0200
+++ debian-security-support-13+2026.01.04/security-support.deb11 2026-01-04 13:08:38.000000000 +0100
@@ -23,6 +23,7 @@
gobgp limited See https://www.debian.org/releases/bullseye/amd64/release-notes.en.txt (Section 5.2.1.3)
golang.* limited See https://www.debian.org/releases/bullseye/amd64/release-notes.en.txt (Section 5.2.1.3)
gpac non-supported 1.0.1+dfsg1-4+deb11u3 2024-08-08 https://lists.debian.org/debian-lts/2024/08/msg00007.html
+hdf5 limited Not covered by security support, only suitable for trusted content, see #1117722
intel-mediasdk non-supported 21.1.0-1 2024-11-07 abandoned upstream, upstream does not publish enough information to fix issues.
iotjs non-supported 1.0+715-1 2024-08-15 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078334
jython non-supported 2.7.2+repack1-3 2024-09-29 Includes python2.7 stdlib https://lists.debian.org/debian-lts/2024/08/msg00057.html
diff -Nru debian-security-support-13+2025.07.16/security-support.deb12 debian-security-support-13+2026.01.04/security-support.deb12
--- debian-security-support-13+2025.07.16/security-support.deb12 2025-07-12 12:35:35.000000000 +0200
+++ debian-security-support-13+2026.01.04/security-support.deb12 2026-01-04 13:08:38.000000000 +0100
@@ -20,6 +20,7 @@
gnupg1 limited See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
gobgp limited See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
golang.* limited See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
+hdf5 limited Not covered by security support, only suitable for trusted content, see #1117722
intel-mediasdk non-supported 22.5.4-1 2024-11-21 abandoned upstream, upstream does not publish enough information to fix issues.
jython limited Includes python2.7 stdlib, support limited until Py3 port, see #975058 and https://lists.debian.org/debian-lts/2024/08/msg00027.html
kde4libs limited khtml has no security support upstream, only for use on trusted content
@@ -42,4 +43,5 @@
tiles limited Only supported for building packages, #1057343
vte limited Not covered by security support, only used by debian-installer, #1082885
wpewebkit non-supported 2.38.6-1 2023-05-09 https://bugs.debian.org/1035794
+zabbix limited The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558
zoneminder limited See README.Debian.security, only supported behind an authenticated HTTP zone, #922724
diff -Nru debian-security-support-13+2025.07.16/security-support.deb13 debian-security-support-13+2026.01.04/security-support.deb13
--- debian-security-support-13+2025.07.16/security-support.deb13 2025-07-12 11:44:36.000000000 +0200
+++ debian-security-support-13+2026.01.04/security-support.deb13 2026-01-04 12:55:18.000000000 +0100
@@ -20,6 +20,7 @@
gnupg1 limited See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
gobgp limited See https://www.debian.org/releases/trixie/release-notes/issues.en.html#go-and-rust-based-packages
golang.* limited See https://www.debian.org/releases/trixie/release-notes/issues.en.html#go-and-rust-based-packages
+hdf5 limited Not covered by security support, only suitable for trusted content, see #1117722
isc-dhcp non-supported 4.4.3-P1-2 2023-07-05 https://lists.isc.org/pipermail/dhcp-users/2022-October/022786.html
jython limited Includes python2.7 stdlib, support limited until Py3 port, see #975058 and https://lists.debian.org/debian-lts/2024/08/msg00027.html
kde4libs limited khtml has no security support upstream, only for use on trusted content
@@ -39,4 +40,6 @@
sql-ledger limited Only supported behind an authenticated HTTP zone
tiles limited Only supported for building packages, #1057343
vte limited Not covered by security support, only used by debian-installer, #1082885
+wpewebkit non-supported 2.38.6-1 2026-01-04 wpewebkit is generally unsupported from bookworm onwards, see #1118273, #1035997 and #1035794
+zabbix limited The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558
zoneminder limited See README.Debian.security, only supported behind an authenticated HTTP zone, #922724
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Package: release.debian.org\nVersion: 13.3\n\nThis update has been released as
part of Debian 13.3.
--- End Message ---
