Your message dated Mon, 13 Jul 2026 09:04:32 +0100
with message-id <[email protected]>
and subject line Re: Bug#1140802: Acknowledgement (trixie-pu: package xz-utils
5.8.3-0+deb13u1)
has caused the Debian Bug report #1140802,
regarding trixie-pu: package xz-utils 5.8.3-0+deb13u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1140802: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140802
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:xz-utils
To fix CVE-2026-34743 I have prepared an update of xz-utils, pending review
at
https://salsa.debian.org/debian/xz-utils/-/merge_requests/6
I will post the final debdiff here once the review is complete and the
final version is known.
--- End Message ---
--- Begin Message ---
Control: tag -1 wontfix
Hi,
On Sat, Jun 27, 2026 at 02:00:04PM +0300, Otto Kekäläinen wrote:
> Changelog:
>
> xz-utils (5.8.3-0+deb13u1) trixie; urgency=medium
>
> * Import 5.8.3
> - Includes security fix for CVE-2026-34743, for which upstream states it’s
> likely that this bug cannot be triggered in any real-world application,
> see https://tukaani.org/xz/index-append-overflow.html (Closes: #1132497)
> - Soname updated from liblzma.so.5.8.1 -> liblzma.so.5.8.3 as in all new
> versions, but ABI remains compatible with the 5.8 series
> - New man pages in Arabic and Swedish
> - Documentation of liblzma had several JS scripts and images removed, and
> images replaced with new versions
> * Add myself as uploader and prepare gbp.conf and salsa-ci.yml for easier
> maintenance of this package in Trixie (and later potentially in LTS)
With the security issue already fixed the rest does not seem to reach the
criteria for a stable update; closing.
Thanks,
--
Jonathan Wiltshire [email protected]
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
--- End Message ---