#1138294 debian-security-support: mark some packages as non supported in bookworm LTS

#1138294#5
Date:
2026-05-30 15:39:09 UTC
From:
To:
As per the input from the security team (thanks a lot!), this is a list
of packages whose security support during the LTS period of bookworm is
too complex or unfeasible:

crypto libraries with a few limited rdeps and not really meaningful long
term support:
- mbedtls
- wolfssl

packages for which the security team issued a DSA for trixie-security,
but for which some significant vulnerabilities were found to tricky to
backport to bookworm:
- smb4k (https://bugs.debian.org/1136949)
- lxd
- opennds

completely inactive upstream with open security issues:
- mimetex

open security issues but no rdeps, so no real use (it was only added for
gitlab):
- ruby-saml

Cheers,

#1138294#8
Date:
2026-05-31 20:04:17 UTC
From:
To:
Hello,

Bug #1138294 in debian-security-support reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/debian-security-support/-/commit/7552a90904acd5295ed6ec9db15ccfc405a076d0
------------------------------------------------------------------------
Mark some packages as non supported in bookworm LTS

By the input from the security team, these packages are difficult to
support for the LTS period of bookworm:

- lxd: has open vulnerabilities whose fixes are too complex to be
  backported.
- mbedtls: crytpo library difficult to support in the long term
- mimetex: upstream project no longer exists
- opennds: open vulnerabilities whose fixes are too complex to be
  backported.
- ruby-saml: was introduced for gitlab, and no reverse dependencies
  remain in bookworm
- smb4k: open vulnerabilities whose fixes are too complex to be
  backported.
- wolfssl: crypto library difficult to support in the long term.

Closes: #1138294
Signed-off-by: Santiago Ruano Rincón <santiago@debian.org>
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1138294

#1138294#13
Date:
2026-06-01 08:26:28 UTC
From:
To:
Hello,

Bug #1138294 in debian-security-support reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/debian-security-support/-/commit/dab6c51e5eeb0489b2160b521566b2c1ebe8f4d4
------------------------------------------------------------------------
Mark some packages as non supported in bookworm LTS

By the input from the security team, these packages are difficult to
support for the LTS period of bookworm:

- lxd: has open vulnerabilities whose fixes are too complex to be
  backported.
- mbedtls: crytpo library difficult to support in the long term
- mimetex: upstream project no longer exists
- opennds: open vulnerabilities whose fixes are too complex to be
  backported.
- ruby-saml: was introduced for gitlab, and no reverse dependencies
  remain in bookworm
- smb4k: open vulnerabilities whose fixes are too complex to be
  backported.
- wolfssl: crypto library difficult to support in the long term.

Closes: #1138294
Signed-off-by: Santiago Ruano Rincón <santiago@debian.org>
(cherry picked from commit 7552a90904acd5295ed6ec9db15ccfc405a076d0)
Signed-off-by: Holger Levsen <holger@layer-acht.org>
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1138294

#1138294#16
Date:
2026-06-30 11:39:52 UTC
From:
To:
Hello,

Bug #1138294 in debian-security-support reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/debian-security-support/-/commit/0f2b054aa35a50da82166a8f91d2eb4083142c64
------------------------------------------------------------------------
Mark some packages as non supported in bookworm LTS

By the input from the security team, these packages are difficult to
support for the LTS period of bookworm:

- lxd: has open vulnerabilities whose fixes are too complex to be
  backported.
- mbedtls: crytpo library difficult to support in the long term
- mimetex: upstream project no longer exists
- opennds: open vulnerabilities whose fixes are too complex to be
  backported.
- ruby-saml: was introduced for gitlab, and no reverse dependencies
  remain in bookworm
- smb4k: open vulnerabilities whose fixes are too complex to be
  backported.
- wolfssl: crypto library difficult to support in the long term.

Closes: #1138294
Signed-off-by: Santiago Ruano Rincón <santiago@debian.org>
(cherry picked from commit 7552a90904acd5295ed6ec9db15ccfc405a076d0)
Signed-off-by: Holger Levsen <holger@layer-acht.org>
(cherry picked from commit dab6c51e5eeb0489b2160b521566b2c1ebe8f4d4)
Signed-off-by: Santiago Ruano Rincón <santiago@debian.org>
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1138294