- Package:
- debian-security-support
- Source:
- debian-security-support
- Submitter:
- Santiago Ruano Rincón
- Date:
- 2026-06-30 11:41:02 UTC
- Severity:
- normal
- Tags:
As per the input from the security team (thanks a lot!), this is a list of packages whose security support during the LTS period of bookworm is too complex or unfeasible: crypto libraries with a few limited rdeps and not really meaningful long term support: - mbedtls - wolfssl packages for which the security team issued a DSA for trixie-security, but for which some significant vulnerabilities were found to tricky to backport to bookworm: - smb4k (https://bugs.debian.org/1136949) - lxd - opennds completely inactive upstream with open security issues: - mimetex open security issues but no rdeps, so no real use (it was only added for gitlab): - ruby-saml Cheers,
Hello, Bug #1138294 in debian-security-support reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian/debian-security-support/-/commit/7552a90904acd5295ed6ec9db15ccfc405a076d0 ------------------------------------------------------------------------ Mark some packages as non supported in bookworm LTS By the input from the security team, these packages are difficult to support for the LTS period of bookworm: - lxd: has open vulnerabilities whose fixes are too complex to be backported. - mbedtls: crytpo library difficult to support in the long term - mimetex: upstream project no longer exists - opennds: open vulnerabilities whose fixes are too complex to be backported. - ruby-saml: was introduced for gitlab, and no reverse dependencies remain in bookworm - smb4k: open vulnerabilities whose fixes are too complex to be backported. - wolfssl: crypto library difficult to support in the long term. Closes: #1138294 Signed-off-by: Santiago Ruano Rincón <santiago@debian.org> ------------------------------------------------------------------------ (this message was generated automatically) -- Greetings https://bugs.debian.org/1138294
Hello, Bug #1138294 in debian-security-support reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian/debian-security-support/-/commit/dab6c51e5eeb0489b2160b521566b2c1ebe8f4d4 ------------------------------------------------------------------------ Mark some packages as non supported in bookworm LTS By the input from the security team, these packages are difficult to support for the LTS period of bookworm: - lxd: has open vulnerabilities whose fixes are too complex to be backported. - mbedtls: crytpo library difficult to support in the long term - mimetex: upstream project no longer exists - opennds: open vulnerabilities whose fixes are too complex to be backported. - ruby-saml: was introduced for gitlab, and no reverse dependencies remain in bookworm - smb4k: open vulnerabilities whose fixes are too complex to be backported. - wolfssl: crypto library difficult to support in the long term. Closes: #1138294 Signed-off-by: Santiago Ruano Rincón <santiago@debian.org> (cherry picked from commit 7552a90904acd5295ed6ec9db15ccfc405a076d0) Signed-off-by: Holger Levsen <holger@layer-acht.org> ------------------------------------------------------------------------ (this message was generated automatically) -- Greetings https://bugs.debian.org/1138294
Hello, Bug #1138294 in debian-security-support reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/debian/debian-security-support/-/commit/0f2b054aa35a50da82166a8f91d2eb4083142c64 ------------------------------------------------------------------------ Mark some packages as non supported in bookworm LTS By the input from the security team, these packages are difficult to support for the LTS period of bookworm: - lxd: has open vulnerabilities whose fixes are too complex to be backported. - mbedtls: crytpo library difficult to support in the long term - mimetex: upstream project no longer exists - opennds: open vulnerabilities whose fixes are too complex to be backported. - ruby-saml: was introduced for gitlab, and no reverse dependencies remain in bookworm - smb4k: open vulnerabilities whose fixes are too complex to be backported. - wolfssl: crypto library difficult to support in the long term. Closes: #1138294 Signed-off-by: Santiago Ruano Rincón <santiago@debian.org> (cherry picked from commit 7552a90904acd5295ed6ec9db15ccfc405a076d0) Signed-off-by: Holger Levsen <holger@layer-acht.org> (cherry picked from commit dab6c51e5eeb0489b2160b521566b2c1ebe8f4d4) Signed-off-by: Santiago Ruano Rincón <santiago@debian.org> ------------------------------------------------------------------------ (this message was generated automatically) -- Greetings https://bugs.debian.org/1138294