Fabre

#1140801 bookworm-pu: package xz-utils 5.4.1-2+deb12u1 #1140801

Package:: release.debian.org

Source:: release.debian.org

Submitter:: Otto Kekäläinen

Date:: 2026-06-27 10:59:02 UTC

Severity:: normal

Tags:

#1140801#5

Date:: 2026-06-26 17:13:17 UTC

From:

To:

To fix CVE-2026-34743 I have prepared an update of xz-utils, pending review
at
https://salsa.debian.org/debian/xz-utils/-/merge_requests/5

I will post the final debdiff here once the review is complete and the
final version is known.

#1140801#12

Date:: 2026-06-27 10:56:16 UTC

From:

To:

Changelog:

xz-utils (5.4.1-2+deb12u1) bookworm; urgency=medium

  * Backport upstream security fix for CVE-2026-34743, for which upstream states
    it's likely that this bug cannot be triggered in any real-world application,
    see https://tukaani.org/xz/index-append-overflow.html (Closes: #1132497)
  * Add myself as uploader and prepare gbp.conf and salsa-ci.yml for easier
    maintenance of this package in Bookworm (and later potentially in LTS)


Debdiff attached. Produced with:

apt source xz-utils/bookworm
debdiff xz-utils_5.4.1-1.dsc xz-utils_5.4.1-2+deb12u1.dsc >
xz-utils_5.4.1-1-5.4.1-2+deb12u1.debdiff

#1140801 bookworm-pu: package xz-utils 5.4.1-2+deb12u1 #1140801

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)