[pkg-lxc-devel] Bug#1135291: trixie-pu: package lxc/1:6.0.4-4+deb13u3

[Mathias Gibbens]

Package: release.debian.org
Severity: normal
Tags: trixie
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-lxc-devel at lists.alioth.debian.org, team at security.debian.org, gibmat at debian.org
Control: affects -1 + src:lxc

[ Reason ]
The release of LXC 7.0 included a fix for the low severity CVE-2026-
39402. After discussion with the Security Team, this vulnerability
won't receive its own DSA, but will be addressed via the upcoming point
release.

[ Impact ]
LXC in trixie is currently vulnerable to CVE-2026-39402.

[ Tests ]
Upstream did add a test in the 7.0 release, but I haven't included it
in the cherry-pick because the packaging of lxc in trixie won't ever
actually run it.

[ Risks ]
Minor/none -- one targeted fix cherry-picked from the upstream git
repo.

[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
One patch as outlined above.

[ Other info ]
The source debdiff is attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lxc_6.0.4-4+deb13u3.debdiff
Type: text/x-patch
Size: 6879 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20260430/91451b6b/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20260430/91451b6b/attachment-0001.sig>