#1140902 trixie-pu: package qemu/1:10.0.11+ds-0+deb13u1

Package:
release.debian.org
Source:
release.debian.org
Submitter:
Michael Tokarev
Date:
2026-06-28 05:49:02 UTC
Severity:
normal
Tags:
#1140902#5
Date:
2026-06-28 05:47:20 UTC
From:
To:
[ Reason ]
This is a new upstream stable/bugfix release (in 10.0.x LTS series),
fixing a big number of defects all over the places, including several
security fixes:
  CVE-2026-6425
  CVE-2026-8343
  CVE-2026-48002
  CVE-2026-48003
  CVE-2026-48004
  CVE-2026-48914 (#1139923)
  CVE-2026-48915

[ Tests ]
The release passes upstream testsuite (not all of it unfortunately,
since some test environments, for example cirrus-ci, has been shut
down).

I also verified it with my usual set of guest images, including
several versions of Windows, a few releases of Linux, Hurd and FreeBSD
guests, - with no noticed new issues.

[ Risks ]
As usual with qemu stable releases, there are many changes in there.
But most of them are simple, focused, and easy to check.

Usually the risk is rather small.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
See debian/changelog (first in debdiff below) for a short list of
upstream commits.  A more useful list might be found in git (mirrored
on salsa), https://salsa.debian.org/qemu-team/qemu/-/commits/upstream-10.0 ,
especially https://salsa.debian.org/qemu-team/qemu/-/commits/v10.0.11 ,
up to v10.0.10 tag (which is queued up for trixie inclusion, #1139679).

[ Other Info ]
I'm uploading this version into the archive to save a round-trip here and
to - hopefully - reduce load on the release team a little bit.  Feel free
to reject it.

Thanks,

/mjt