[pkg-lxc-devel] Bug#1135290: bookworm-pu: package lxc/1:5.0.2-1+deb12u4
Mathias Gibbens
gibmat at debian.org
Thu Apr 30 20:38:36 BST 2026
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-lxc-devel at lists.alioth.debian.org, team at security.debian.org, gibmat at debian.org
Control: affects -1 + src:lxc
[ Reason ]
The release of LXC 7.0 included a fix for the low severity CVE-2026-
39402. After discussion with the Security Team, this vulnerability
won't receive its own DSA, but will be addressed via the upcoming point
release.
[ Impact ]
LXC in bookworm is currently vulnerable to CVE-2026-39402.
[ Tests ]
Upstream did add a test in the 7.0 release, but I haven't included it
in the cherry-pick because the packaging of lxc in bookworm won't ever
actually run it.
[ Risks ]
Minor/none -- one targeted fix cherry-picked from the upstream git
repo.
[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in (old)stable
[*] the issue is verified as fixed in unstable
[ Changes ]
One patch as outlined above.
[ Other info ]
The source debdiff is attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lxc_5.0.2-1+deb12u4.debdiff
Type: text/x-patch
Size: 6878 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20260430/6b8ff712/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20260430/6b8ff712/attachment.sig>
More information about the Pkg-lxc-devel
mailing list