Bug#1124620: trixie-pu: package debian-security-support/1:13+2026.01.04

Holger Levsen Sun, 04 Jan 2026 04:39:22 -0800

Package: release.debian.org
Severity: normal
Tags: security
X-Debbugs-Cc: [email protected], Debian Security Team 
<[email protected]>
Control: affects -1 + src:debian-security-support
User: [email protected]
Usertags: pu


[ Reason ]
To inform the users about the following changes:

debian-security-support (1:13+2026.01.04) trixie; urgency=medium

  [ Holger Levsen ]
  * deb13: mark wpewebkit as unsupported. Closes: #1118273.

  [ Jochen Sprickerhof ]
  * deb13+12+11: mark hdf5 as limited supported. Closes: 1117607.

  [ Moritz Muehlenhoff ]
  * deb13+12: mark zabbix as limited support. Closes: #1124558.


[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Other info ]
(Anything else the release team should know.)

Thank you for your work on trixie!


-- 
cheers,
        Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

When you’re used to privilege, equality feels like oppression.

diff -Nru debian-security-support-13+2025.07.16/debian/changelog debian-security-support-13+2026.01.04/debian/changelog
--- debian-security-support-13+2025.07.16/debian/changelog	2025-07-16 14:09:24.000000000 +0200
+++ debian-security-support-13+2026.01.04/debian/changelog	2026-01-04 13:09:01.000000000 +0100
@@ -1,3 +1,16 @@
+debian-security-support (1:13+2026.01.04) trixie; urgency=medium
+
+  [ Holger Levsen ]
+  * deb13: mark wpewebkit as unsupported. Closes: #1118273.
+
+  [ Jochen Sprickerhof ]
+  * deb13+12+11: mark hdf5 as limited supported. Closes: 1117607.
+
+  [ Moritz Muehlenhoff ]
+  * deb13+12: mark zabbix as limited support. Closes: #1124558.
+
+ -- Holger Levsen <[email protected]>  Sun, 04 Jan 2026 13:09:01 +0100
+
 debian-security-support (1:13+2025.07.16) unstable; urgency=medium
 
   [ Santiago Ruano Rincón ]
diff -Nru debian-security-support-13+2025.07.16/security-support.deb11 debian-security-support-13+2026.01.04/security-support.deb11
--- debian-security-support-13+2025.07.16/security-support.deb11	2025-07-12 12:36:57.000000000 +0200
+++ debian-security-support-13+2026.01.04/security-support.deb11	2026-01-04 13:08:38.000000000 +0100
@@ -23,6 +23,7 @@
 gobgp                            limited  See https://www.debian.org/releases/bullseye/amd64/release-notes.en.txt (Section 5.2.1.3)
 golang.*                         limited  See https://www.debian.org/releases/bullseye/amd64/release-notes.en.txt (Section 5.2.1.3)
 gpac                             non-supported   1.0.1+dfsg1-4+deb11u3            2024-08-08  https://lists.debian.org/debian-lts/2024/08/msg00007.html
+hdf5                             limited  Not covered by security support, only suitable for trusted content, see #1117722
 intel-mediasdk                   non-supported   21.1.0-1                         2024-11-07  abandoned upstream, upstream does not publish enough information to fix issues.
 iotjs                            non-supported   1.0+715-1                        2024-08-15  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078334
 jython                           non-supported   2.7.2+repack1-3                  2024-09-29  Includes python2.7 stdlib https://lists.debian.org/debian-lts/2024/08/msg00057.html
diff -Nru debian-security-support-13+2025.07.16/security-support.deb12 debian-security-support-13+2026.01.04/security-support.deb12
--- debian-security-support-13+2025.07.16/security-support.deb12	2025-07-12 12:35:35.000000000 +0200
+++ debian-security-support-13+2026.01.04/security-support.deb12	2026-01-04 13:08:38.000000000 +0100
@@ -20,6 +20,7 @@
 gnupg1                      limited  See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
 gobgp                       limited  See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
 golang.*                    limited  See https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#golang-static-linking
+hdf5                        limited  Not covered by security support, only suitable for trusted content, see #1117722
 intel-mediasdk              non-supported   22.5.4-1  2024-11-21  abandoned upstream, upstream does not publish enough information to fix issues.
 jython                      limited  Includes python2.7 stdlib, support limited until Py3 port, see #975058 and https://lists.debian.org/debian-lts/2024/08/msg00027.html
 kde4libs                    limited  khtml has no security support upstream, only for use on trusted content
@@ -42,4 +43,5 @@
 tiles                       limited  Only supported for building packages, #1057343
 vte                         limited  Not covered by security support, only used by debian-installer, #1082885
 wpewebkit                   non-supported   2.38.6-1  2023-05-09  https://bugs.debian.org/1035794
+zabbix                      limited  The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558
 zoneminder                  limited  See README.Debian.security, only supported behind an authenticated HTTP zone, #922724
diff -Nru debian-security-support-13+2025.07.16/security-support.deb13 debian-security-support-13+2026.01.04/security-support.deb13
--- debian-security-support-13+2025.07.16/security-support.deb13	2025-07-12 11:44:36.000000000 +0200
+++ debian-security-support-13+2026.01.04/security-support.deb13	2026-01-04 12:55:18.000000000 +0100
@@ -20,6 +20,7 @@
 gnupg1                      limited  See #982258 and https://www.debian.org/releases/stretch/amd64/release-notes/ch-whats-new.en.html#modern-gnupg
 gobgp                       limited  See https://www.debian.org/releases/trixie/release-notes/issues.en.html#go-and-rust-based-packages
 golang.*                    limited  See https://www.debian.org/releases/trixie/release-notes/issues.en.html#go-and-rust-based-packages
+hdf5                        limited  Not covered by security support, only suitable for trusted content, see #1117722
 isc-dhcp                    non-supported   4.4.3-P1-2       2023-07-05  https://lists.isc.org/pipermail/dhcp-users/2022-October/022786.html
 jython                      limited  Includes python2.7 stdlib, support limited until Py3 port, see #975058 and https://lists.debian.org/debian-lts/2024/08/msg00027.html
 kde4libs                    limited  khtml has no security support upstream, only for use on trusted content
@@ -39,4 +40,6 @@
 sql-ledger                  limited  Only supported behind an authenticated HTTP zone
 tiles                       limited  Only supported for building packages, #1057343
 vte                         limited  Not covered by security support, only used by debian-installer, #1082885
+wpewebkit                   non-supported   2.38.6-1  2026-01-04  wpewebkit is generally unsupported from bookworm onwards, see #1118273, #1035997 and #1035794
+zabbix                      limited  The WEB UI is only supported for access by trusted users, no security updates issued for it, #1124558
 zoneminder                  limited  See README.Debian.security, only supported behind an authenticated HTTP zone, #922724

signature.asc
Description: PGP signature

Bug#1124620: trixie-pu: package debian-security-support/1:13+2026.01.04

Reply via email to