{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [
                "ncurses-term"
            ],
            "removed": [],
            "diff": [
                "apparmor",
                "dhcpcd-base",
                "fuse3",
                "gcc-16-base",
                "gir1.2-girepository-3.0",
                "gir1.2-glib-2.0",
                "libapparmor1",
                "libatomic1",
                "libcap-ng0",
                "libcbor0.10",
                "libedit2",
                "libelf1t64",
                "libfreetype6",
                "libfuse3-4",
                "libgcc-s1",
                "libgcrypt20",
                "libgirepository-2.0-0",
                "libglib2.0-0t64",
                "libgnutls30t64",
                "libidn2-0",
                "libjs-sphinxdoc",
                "libldap-common",
                "libldap2",
                "libp11-kit0",
                "libparted2t64",
                "libpsl5t64",
                "libpython3.14-minimal",
                "libpython3.14-stdlib",
                "librtmp1",
                "libselinux1",
                "libssh2-1t64",
                "libstdc++6",
                "libwrap0",
                "parted",
                "pci.ids",
                "perl-base",
                "python3-attr",
                "python3-certifi",
                "python3-jinja2",
                "python3-jwt",
                "python3.14",
                "python3.14-minimal",
                "rust-coreutils",
                "screen",
                "snapd"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "apparmor",
                "from_version": {
                    "source_package_name": "apparmor",
                    "source_package_version": "5.0.0~beta1-0ubuntu7",
                    "version": "5.0.0~beta1-0ubuntu7"
                },
                "to_version": {
                    "source_package_name": "apparmor",
                    "source_package_version": "5.0.1-0ubuntu1",
                    "version": "5.0.1-0ubuntu1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "  * d/apparmor.install: add the new glycin.* profiles",
                            "  * d/libapparmor1.symbols: add the new library symbols",
                            "  * d/rules: add profiles check to testing step",
                            "  * d/watch:",
                            "    - Update regex to handle -rc version numbers",
                            "    - Update to version 5 of the format",
                            "  * Refresh patches to apply to upstream release:",
                            "    - d/p/u/profiles-grant-access-to-systemd-resolved.patch",
                            "    - d/p/u/aa-notify-fallback-to-ev-comm-when-ev-execpath.patch",
                            "  * Update patches to apply to upstream release:",
                            "    - d/p/u/samba-systemd-interaction.patch",
                            "    - d/p/u/profiles_disable_curl.patch",
                            "    - d/p/u/profiles_add_more_consoles_workaround.patch",
                            "    - d/p/u/profiles-use-coreutils-tunable.patch",
                            "    - d/p/u/0001-parser-add-more-reserved-mediation-classes.patch",
                            "    - d/p/u/0007-Set-parser-network.h-ip_conds-ptrs-to-null-in-its-fr.patch",
                            "  * Drop patches that were applied upstream:",
                            "    - d/p/u/libapparmor-move-aa_get_lsm_iface-decl-in-libapparmor.patch",
                            "    - d/p/u/0001-parser-set-umask-before-creating-temp-file.patch",
                            "    - d/p/u/0002-parser-restrict-umask-to-allow-only-user-permissions.patch",
                            "    - d/p/u/libapparmor-add-test-for-libapparmor-features-prefix.patch",
                            "    - d/p/u/transmission-common-fixes-for-lp-2137395.patch",
                            "    - d/p/u/unix-chkpwd-add-disconnected-run-paths.patch",
                            "    - d/p/u/profiles-add-extensions-to-allowed-ghostscript.patch",
                            "    - d/p/u/profiles-expand-the-allowed-directories-for-ghostscript.patch",
                            "    - d/p/u/profiles-add-sys-kernel-mm-transparent_hugepage-enable.patch",
                            "    - d/p/u/0006-parser-name-ns_domain-and-network_v9-classes.patch",
                            "    - d/p/u/0011-utils-add-support-for-iface-an-label-in-network-rule.patch",
                            "    - d/p/u/0013-parser-fix-FTBFS-due-to-missing-merge-edit.patch",
                            "    - d/p/u/0014-tests-check-if-skb-mediation-is-enabled.patch",
                            "    - d/p/u/snap-browser-add-missing-perms-when-opening-from-link.patch",
                            "    - d/p/u/lsusb-allow-reading-etc-udev-hwdb-bin.patch",
                            "    - d/p/u/profiles-grant-unix-domain-socket-access-to-sanitize.patch",
                            "    - d/p/u/0002-parser-refactor-compressed-policy-cache.patch",
                            "    - d/p/u/0003-parser-handle-compressed-cache-on-kernels-without-de.patch",
                            "    - d/p/u/0004-regression-fix-the-e2e-test-for-compressed-caches.patch",
                            "  * Drop patches that were superseded upstream:",
                            "    - d/p/u/0002-parser-convert-conditionals-operators-to-an-enum.patch",
                            "    - d/p/u/0003-parser-add-override-assign-to-cond-list-elements.patch",
                            "    - d/p/u/0004-parser-support-network-interface-conditional.patch",
                            "    - d/p/u/0005-tests-add-network-interface-tests.patch",
                            "    - d/p/u/0008-parser-move-to-encode-an-alternation-of-a-null-trans.patch",
                            "    - d/p/u/0009-parser-disable-ability-to-specify-interface-on-peer-.patch",
                            "    - d/p/u/0010-parser-fix-iface-perms-to-work-when-v9-and-v9_skb-ar.patch",
                            "    - d/p/u/0012-parser-fix-label-match-for-default-label-values.patch",
                            "    - d/p/u/0001-parser-fix-rewriting-of-cache-after-zstd-recompressi.patch",
                            "  * Add patches to fix FTBFS (profile test enabling):",
                            "    - d/p/u/profiles-allow-more-attach-disconnected.patch",
                            "  * Update patches to fix FTBFS (profile test enabling):",
                            "    - d/p/u/openvpn_mr_1263.patch",
                            "    - d/p/u/irssi_mr_1332.patch",
                            "    - d/p/u/os_prober_mr_1569.patch",
                            "    - d/p/u/profiles_disable_free.patch",
                            "    - d/p/u/profiles_disable_curl.patch",
                            "    - d/p/u/profiles-tunables-add-coreutils-var.patch",
                            "    - d/p/u/profiles-use-coreutils-tunable.patch",
                            "    - d/p/u/profiles-pull-openvpn-profile.patch",
                            ""
                        ],
                        "package": "apparmor",
                        "version": "5.0.1-0ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Ryan Lee <ryan.lee@canonical.com>",
                        "date": "Wed, 10 Jun 2026 09:40:03 -0700"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "dhcpcd-base",
                "from_version": {
                    "source_package_name": "dhcpcd",
                    "source_package_version": "1:10.3.0-7",
                    "version": "1:10.3.0-7"
                },
                "to_version": {
                    "source_package_name": "dhcpcd",
                    "source_package_version": "1:10.3.2-3",
                    "version": "1:10.3.2-3"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * [tests]",
                            "     timesyncd-ntp-servers-from-dhcp: Mark as flaky.",
                            ""
                        ],
                        "package": "dhcpcd",
                        "version": "1:10.3.2-3",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Martin-Éric Racine <martin-eric.racine@iki.fi>",
                        "date": "Sat, 02 May 2026 07:59:36 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * [tests]",
                            "    = timesyncd-ntp-servers-from-dhcp: Implement shellcheck suggestions.",
                            ""
                        ],
                        "package": "dhcpcd",
                        "version": "1:10.3.2-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Martin-Éric Racine <martin-eric.racine@iki.fi>",
                        "date": "Fri, 01 May 2026 15:49:50 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream version.",
                            "  * [control]",
                            "    = Move transitional package dhcpcd5 to oldlibs/optional per policy 4.0.1.",
                            "  * [presubj]",
                            "    = Hurd has been ported to 2 architectures. Adjust bug-presubj accordingly.",
                            ""
                        ],
                        "package": "dhcpcd",
                        "version": "1:10.3.2-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Martin-Éric Racine <martin-eric.racine@iki.fi>",
                        "date": "Thu, 30 Apr 2026 17:04:25 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add bug-presubj to warn about sysusers minimum requirement.",
                            ""
                        ],
                        "package": "dhcpcd",
                        "version": "1:10.3.1-5",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Martin-Éric Racine <martin-eric.racine@iki.fi>",
                        "date": "Thu, 23 Apr 2026 12:59:38 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * [rules,sysusers]",
                            "    = Migrate to _dhcpcd /var/lib/dhcpcd /sbin/nologin.",
                            "  * [dirs]",
                            "    - Drop empty /usr/lib/dhcpcd thanks to the above.",
                            ""
                        ],
                        "package": "dhcpcd",
                        "version": "1:10.3.1-4",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Martin-Éric Racine <martin-eric.racine@iki.fi>",
                        "date": "Sat, 18 Apr 2026 15:04:05 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * [control]",
                            "    = Bump Standards-Version to 4.7.4 (no change required).",
                            "  * [rules]",
                            "    = Migrate from Debian patch to --enable-ntp configure option.",
                            "    = Migrate to SPDX-FileCopyrightText declaration.",
                            ""
                        ],
                        "package": "dhcpcd",
                        "version": "1:10.3.1-3",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Martin-Éric Racine <martin-eric.racine@iki.fi>",
                        "date": "Sat, 18 Apr 2026 09:17:35 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * [control]",
                            "    = Make the long description for bin:dhcpcd even more obvious.",
                            "    + Add Build-Depends for Hurd.",
                            "    = wrap-and-sort -ast",
                            "  * [rules]",
                            "    = Modernize to fetch LFS flags via dpkg-buildflags.",
                            ""
                        ],
                        "package": "dhcpcd",
                        "version": "1:10.3.1-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Martin-Éric Racine <martin-eric.racine@iki.fi>",
                        "date": "Sat, 11 Apr 2026 14:51:12 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream version.",
                            "    Includes upstream's overdue adaptation of Daniel Gröber's Merge Request.",
                            "    Thank you for your patience, Daniel (Closes: #1121014, #1121018).",
                            "  * [control]",
                            "    = Bump Standards-Version to 4.7.3.",
                            "    - Depends: sysvinit-utils (>= 3.05-4~) | lsb-base. Essential packages.",
                            "    - Recommends: iwd | wireless-tools. Not needed for wireless profiles.",
                            "  * [copyright]",
                            "    lintian-brush: Reorder Files paragraphs by directory depth.",
                            "  * [signing-key.asc]",
                            "    lintian-brush: Upgrade upstream signing key to new packet format.",
                            ""
                        ],
                        "package": "dhcpcd",
                        "version": "1:10.3.1-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Martin-Éric Racine <martin-eric.racine@iki.fi>",
                        "date": "Mon, 16 Mar 2026 15:28:49 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "fuse3",
                "from_version": {
                    "source_package_name": "fuse3",
                    "source_package_version": "3.18.2-1",
                    "version": "3.18.2-1"
                },
                "to_version": {
                    "source_package_name": "fuse3",
                    "source_package_version": "3.18.2-2",
                    "version": "3.18.2-2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Remove adduser dependency (closes: #1128249).",
                            "  * Remove unnecessary dependency version constraints.",
                            "  * Do not suggest fuse package.",
                            ""
                        ],
                        "package": "fuse3",
                        "version": "3.18.2-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Laszlo Boszormenyi (GCS) <gcs@debian.org>",
                        "date": "Sat, 25 Apr 2026 15:58:24 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "gcc-16-base",
                "from_version": {
                    "source_package_name": "gcc-16",
                    "source_package_version": "16-20260322-1ubuntu1",
                    "version": "16-20260322-1ubuntu1"
                },
                "to_version": {
                    "source_package_name": "gcc-16",
                    "source_package_version": "16.1.0-2ubuntu1",
                    "version": "16.1.0-2ubuntu1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2152642
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Merge with Debian; remaining changes:",
                            "    - Build from upstream sources.",
                            "    - Work-around the 80GB chroot size on the Ubuntu buildds.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-2ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 13 Jun 2026 11:14:58 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Update to git 20260613 from the gcc-16 branch.",
                            "    - Fix PR target/125751 (AVR), PR target/125611 (X86),",
                            "      PR rtl-optimization/125375, PR target/122827 (AArch64),",
                            "      PR tree-optimization/125250, PR middle-end/125156, PR target/124870 (ARM),",
                            "      PR target/125215 (RISCV), PR tree-optimization/124151,",
                            "      PR target/124895 (AArch64), PR target/125409 (AVR),",
                            "      PR target/125362 (loongarch), PR target/125320 (RISCV),",
                            "      PR target/125373 (X86), PR other/125348, PR target/125355 (X86),",
                            "      PR target/125355 (X86), PR target/125351 (X86), PR target/120870 (X86),",
                            "      PR tree-optimization/125291, PR target/125308 (X86),",
                            "      PR target/124316 (X86), PR target/125194 (AVR),",
                            "      PR target/125049 (loongarch), PR middle-end/125259,",
                            "      PR target/53929 (MingW), PR ada/125695, PR ada/18205, PR other/125348,",
                            "      PR ada/125240, PR c/124532, PR c++/125284, PR c++/125333, PR c++/125498,",
                            "      PR c++/125334, PR c++/125378, PR c++/125490, PR c++/125123,",
                            "      PR c++/125412, PR c++/125376, PR c++/125454, PR c++/125423,",
                            "      PR c++/125135, PR c++/125384, PR c++/113563, PR c++/125007,",
                            "      PR c++/125315, PR c++/124628, PR c++/125184, PR c++/125111,",
                            "      PR c++/124991, PR c++/125280, PR c++/100903, PR c++/115181,",
                            "      PR c++/125043, PR c++/124979, PR c++/125208, PR fortran/125669,",
                            "      PR fortran/125606, PR fortran/125393, PR fortran/105582,",
                            "      PR fortran/125391, PR fortran/125416, PR fortran/106546,",
                            "      PR fortran/115260, PR fortran/125021, PR fortran/125192,",
                            "      PR fortran/125198, PR fortran/111952, PR fortran/125059,",
                            "      PR other/125348, PR target/125752 (AVR), PR libfortran/125095,",
                            "      PR libstdc++/125450, PR libstdc++/125374, PR libstdc++/125369,",
                            "      PR libstdc++/78302, PR libstdc++/71301, PR libstdc++/125312.",
                            "",
                            "  [ Matthias Klose ]",
                            "  * Build using GNAT 15 for now. See #1136069.",
                            "  * Configure --with-arch=rv64gc on Ubuntu/riscv64. LP: #2152642.",
                            "  * Apply proposed patch for PR rtl-optimization/123853 (m68k). See #1107416.",
                            "  * Still configure --with-arch=rv64gc for Debian/riscv64 backports.",
                            "  * Apply PR middle-end/124637, taken from the trunk. Addresses: #1131886.",
                            "",
                            "  [ Aurelien Jarno ]",
                            "  * Configure --with-arch=rva20u64 on Debian/riscv64.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [
                            2152642
                        ],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 13 Jun 2026 10:54:28 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Build using GNAT 15 for now. See #1136069.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1ubuntu2",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 09 May 2026 08:29:53 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Merge with Debian; remaining changes:",
                            "    - Build from upstream sources.",
                            "    - Work-around the 80GB chroot size on the Ubuntu buildds.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 09 May 2026 08:05:35 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * GCC 16.1.0 release.",
                            "  * Update to git 20260509 from the gcc-16 branch.",
                            "    - Fix PR target/120587 (OR1K), PR target/125155 (OR1K),",
                            "      PR target/125057 (loongarch), PR target/125180 (x86),",
                            "      PR tree-optimization/125079, PR tree-optimization/125079,",
                            "      PR target/125117 (x86), PR target/124984 (RISCV), PR middle-end/123635,",
                            "      PR tree-optimization/125039, PR target/124133 (PPC), PR middle-end/123635,",
                            "      PR tree-optimization/124988, PR ada/125168, PR ada/125044,",
                            "      PR c++/124770, PR c++/125206, PR c++/125179, PR c++/124957,",
                            "      PR c++/125115, PR c++/124926, PR c++/124989, PR c++/124756,",
                            "      PR c++/125096, PR c++/125035, PR c++/124582, PR c++/123810,",
                            "      PR c++/124953, PR c++/124981, PR d/125089, PR libstdc++/109965,",
                            "      PR libstdc++/121919, PR libstdc++/125112, PR libstdc++/125024,",
                            "      PR tree-optimization/125185, PR middle-end/125146,",
                            "      PR tree-optimization/125025, PR tree-optimization/125025,.",
                            "    - Revert fix for PR tree-optimization/120003.",
                            "  * d/shlibs.common: Add libgdiagnostics.",
                            "  * Drop the debian/lib{32,64}stdc++CXX.postinst scripts, GCC 4.4 times ...",
                            "  * Update NEWS files.",
                            "  * Bump standards version.",
                            "  * libstdc++-dev: Make baseline file reproducible. Addresses: #1133772.",
                            "  * Configure with --enable-checking=release on amd64, but keep the extra",
                            "    checking on arm64 i386 mips64el ppc64 ppc64el s390x for now.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 09 May 2026 06:46:33 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Snapshot, taken from the gcc-16 branch (20260425, release candidate).",
                            "  * Fix typo in libgcc-s symbols file.",
                            "  * Update libgphobos symbols file for amd64.",
                            "  * Refresh cross-install-location patch.",
                            "  * Replace outdated postal FSF address with URL.",
                            "  * Turn on again PGO/LTO builds for most 64bit architectures.",
                            "  * Turn on running the testsuite again.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16-20260425-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 25 Apr 2026 07:19:09 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Snapshot, taken from the gcc-16 branch (20260423).",
                            "  * Require bison 3.5.1 or 3.8.2 for the gcobol build.",
                            "  * Update the ada-armel-libatomic patch for PR ada/107475.",
                            "  * Build gcc itself with branch-protection (Emanuele Rocca). Closes: #1130592.",
                            "    - On arm64 by appending CFLAGS_SECURE to BOOT_CFLAGS.",
                            "    - Set BOOT_CFLAGS explicitly instead of relying on upstream defaults.",
                            "  * libgfortran-dev: Install libcaf_shmem.a.",
                            "  * Add conflicts for GCC 15 binary packages. Closes: #1133161.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16-20260423-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Thu, 23 Apr 2026 12:03:13 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "gir1.2-girepository-3.0",
                "from_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.88.0-1",
                    "version": "2.88.0-1"
                },
                "to_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.88.1-2",
                    "version": "2.88.1-2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release",
                            "  * Run cme fix dpkg --save",
                            "  * Update debian/watch to comply with new Salsa CI uscan job",
                            "  * Update Standards Version to 4.7.4",
                            ""
                        ],
                        "package": "glib2.0",
                        "version": "2.88.1-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Jeremy Bícha <jbicha@ubuntu.com>",
                        "date": "Mon, 04 May 2026 18:18:03 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "gir1.2-glib-2.0",
                "from_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.88.0-1",
                    "version": "2.88.0-1"
                },
                "to_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.88.1-2",
                    "version": "2.88.1-2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release",
                            "  * Run cme fix dpkg --save",
                            "  * Update debian/watch to comply with new Salsa CI uscan job",
                            "  * Update Standards Version to 4.7.4",
                            ""
                        ],
                        "package": "glib2.0",
                        "version": "2.88.1-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Jeremy Bícha <jbicha@ubuntu.com>",
                        "date": "Mon, 04 May 2026 18:18:03 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libapparmor1",
                "from_version": {
                    "source_package_name": "apparmor",
                    "source_package_version": "5.0.0~beta1-0ubuntu7",
                    "version": "5.0.0~beta1-0ubuntu7"
                },
                "to_version": {
                    "source_package_name": "apparmor",
                    "source_package_version": "5.0.1-0ubuntu1",
                    "version": "5.0.1-0ubuntu1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "  * d/apparmor.install: add the new glycin.* profiles",
                            "  * d/libapparmor1.symbols: add the new library symbols",
                            "  * d/rules: add profiles check to testing step",
                            "  * d/watch:",
                            "    - Update regex to handle -rc version numbers",
                            "    - Update to version 5 of the format",
                            "  * Refresh patches to apply to upstream release:",
                            "    - d/p/u/profiles-grant-access-to-systemd-resolved.patch",
                            "    - d/p/u/aa-notify-fallback-to-ev-comm-when-ev-execpath.patch",
                            "  * Update patches to apply to upstream release:",
                            "    - d/p/u/samba-systemd-interaction.patch",
                            "    - d/p/u/profiles_disable_curl.patch",
                            "    - d/p/u/profiles_add_more_consoles_workaround.patch",
                            "    - d/p/u/profiles-use-coreutils-tunable.patch",
                            "    - d/p/u/0001-parser-add-more-reserved-mediation-classes.patch",
                            "    - d/p/u/0007-Set-parser-network.h-ip_conds-ptrs-to-null-in-its-fr.patch",
                            "  * Drop patches that were applied upstream:",
                            "    - d/p/u/libapparmor-move-aa_get_lsm_iface-decl-in-libapparmor.patch",
                            "    - d/p/u/0001-parser-set-umask-before-creating-temp-file.patch",
                            "    - d/p/u/0002-parser-restrict-umask-to-allow-only-user-permissions.patch",
                            "    - d/p/u/libapparmor-add-test-for-libapparmor-features-prefix.patch",
                            "    - d/p/u/transmission-common-fixes-for-lp-2137395.patch",
                            "    - d/p/u/unix-chkpwd-add-disconnected-run-paths.patch",
                            "    - d/p/u/profiles-add-extensions-to-allowed-ghostscript.patch",
                            "    - d/p/u/profiles-expand-the-allowed-directories-for-ghostscript.patch",
                            "    - d/p/u/profiles-add-sys-kernel-mm-transparent_hugepage-enable.patch",
                            "    - d/p/u/0006-parser-name-ns_domain-and-network_v9-classes.patch",
                            "    - d/p/u/0011-utils-add-support-for-iface-an-label-in-network-rule.patch",
                            "    - d/p/u/0013-parser-fix-FTBFS-due-to-missing-merge-edit.patch",
                            "    - d/p/u/0014-tests-check-if-skb-mediation-is-enabled.patch",
                            "    - d/p/u/snap-browser-add-missing-perms-when-opening-from-link.patch",
                            "    - d/p/u/lsusb-allow-reading-etc-udev-hwdb-bin.patch",
                            "    - d/p/u/profiles-grant-unix-domain-socket-access-to-sanitize.patch",
                            "    - d/p/u/0002-parser-refactor-compressed-policy-cache.patch",
                            "    - d/p/u/0003-parser-handle-compressed-cache-on-kernels-without-de.patch",
                            "    - d/p/u/0004-regression-fix-the-e2e-test-for-compressed-caches.patch",
                            "  * Drop patches that were superseded upstream:",
                            "    - d/p/u/0002-parser-convert-conditionals-operators-to-an-enum.patch",
                            "    - d/p/u/0003-parser-add-override-assign-to-cond-list-elements.patch",
                            "    - d/p/u/0004-parser-support-network-interface-conditional.patch",
                            "    - d/p/u/0005-tests-add-network-interface-tests.patch",
                            "    - d/p/u/0008-parser-move-to-encode-an-alternation-of-a-null-trans.patch",
                            "    - d/p/u/0009-parser-disable-ability-to-specify-interface-on-peer-.patch",
                            "    - d/p/u/0010-parser-fix-iface-perms-to-work-when-v9-and-v9_skb-ar.patch",
                            "    - d/p/u/0012-parser-fix-label-match-for-default-label-values.patch",
                            "    - d/p/u/0001-parser-fix-rewriting-of-cache-after-zstd-recompressi.patch",
                            "  * Add patches to fix FTBFS (profile test enabling):",
                            "    - d/p/u/profiles-allow-more-attach-disconnected.patch",
                            "  * Update patches to fix FTBFS (profile test enabling):",
                            "    - d/p/u/openvpn_mr_1263.patch",
                            "    - d/p/u/irssi_mr_1332.patch",
                            "    - d/p/u/os_prober_mr_1569.patch",
                            "    - d/p/u/profiles_disable_free.patch",
                            "    - d/p/u/profiles_disable_curl.patch",
                            "    - d/p/u/profiles-tunables-add-coreutils-var.patch",
                            "    - d/p/u/profiles-use-coreutils-tunable.patch",
                            "    - d/p/u/profiles-pull-openvpn-profile.patch",
                            ""
                        ],
                        "package": "apparmor",
                        "version": "5.0.1-0ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Ryan Lee <ryan.lee@canonical.com>",
                        "date": "Wed, 10 Jun 2026 09:40:03 -0700"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libatomic1",
                "from_version": {
                    "source_package_name": "gcc-16",
                    "source_package_version": "16-20260322-1ubuntu1",
                    "version": "16-20260322-1ubuntu1"
                },
                "to_version": {
                    "source_package_name": "gcc-16",
                    "source_package_version": "16.1.0-2ubuntu1",
                    "version": "16.1.0-2ubuntu1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2152642
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Merge with Debian; remaining changes:",
                            "    - Build from upstream sources.",
                            "    - Work-around the 80GB chroot size on the Ubuntu buildds.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-2ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 13 Jun 2026 11:14:58 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Update to git 20260613 from the gcc-16 branch.",
                            "    - Fix PR target/125751 (AVR), PR target/125611 (X86),",
                            "      PR rtl-optimization/125375, PR target/122827 (AArch64),",
                            "      PR tree-optimization/125250, PR middle-end/125156, PR target/124870 (ARM),",
                            "      PR target/125215 (RISCV), PR tree-optimization/124151,",
                            "      PR target/124895 (AArch64), PR target/125409 (AVR),",
                            "      PR target/125362 (loongarch), PR target/125320 (RISCV),",
                            "      PR target/125373 (X86), PR other/125348, PR target/125355 (X86),",
                            "      PR target/125355 (X86), PR target/125351 (X86), PR target/120870 (X86),",
                            "      PR tree-optimization/125291, PR target/125308 (X86),",
                            "      PR target/124316 (X86), PR target/125194 (AVR),",
                            "      PR target/125049 (loongarch), PR middle-end/125259,",
                            "      PR target/53929 (MingW), PR ada/125695, PR ada/18205, PR other/125348,",
                            "      PR ada/125240, PR c/124532, PR c++/125284, PR c++/125333, PR c++/125498,",
                            "      PR c++/125334, PR c++/125378, PR c++/125490, PR c++/125123,",
                            "      PR c++/125412, PR c++/125376, PR c++/125454, PR c++/125423,",
                            "      PR c++/125135, PR c++/125384, PR c++/113563, PR c++/125007,",
                            "      PR c++/125315, PR c++/124628, PR c++/125184, PR c++/125111,",
                            "      PR c++/124991, PR c++/125280, PR c++/100903, PR c++/115181,",
                            "      PR c++/125043, PR c++/124979, PR c++/125208, PR fortran/125669,",
                            "      PR fortran/125606, PR fortran/125393, PR fortran/105582,",
                            "      PR fortran/125391, PR fortran/125416, PR fortran/106546,",
                            "      PR fortran/115260, PR fortran/125021, PR fortran/125192,",
                            "      PR fortran/125198, PR fortran/111952, PR fortran/125059,",
                            "      PR other/125348, PR target/125752 (AVR), PR libfortran/125095,",
                            "      PR libstdc++/125450, PR libstdc++/125374, PR libstdc++/125369,",
                            "      PR libstdc++/78302, PR libstdc++/71301, PR libstdc++/125312.",
                            "",
                            "  [ Matthias Klose ]",
                            "  * Build using GNAT 15 for now. See #1136069.",
                            "  * Configure --with-arch=rv64gc on Ubuntu/riscv64. LP: #2152642.",
                            "  * Apply proposed patch for PR rtl-optimization/123853 (m68k). See #1107416.",
                            "  * Still configure --with-arch=rv64gc for Debian/riscv64 backports.",
                            "  * Apply PR middle-end/124637, taken from the trunk. Addresses: #1131886.",
                            "",
                            "  [ Aurelien Jarno ]",
                            "  * Configure --with-arch=rva20u64 on Debian/riscv64.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [
                            2152642
                        ],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 13 Jun 2026 10:54:28 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Build using GNAT 15 for now. See #1136069.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1ubuntu2",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 09 May 2026 08:29:53 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Merge with Debian; remaining changes:",
                            "    - Build from upstream sources.",
                            "    - Work-around the 80GB chroot size on the Ubuntu buildds.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 09 May 2026 08:05:35 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * GCC 16.1.0 release.",
                            "  * Update to git 20260509 from the gcc-16 branch.",
                            "    - Fix PR target/120587 (OR1K), PR target/125155 (OR1K),",
                            "      PR target/125057 (loongarch), PR target/125180 (x86),",
                            "      PR tree-optimization/125079, PR tree-optimization/125079,",
                            "      PR target/125117 (x86), PR target/124984 (RISCV), PR middle-end/123635,",
                            "      PR tree-optimization/125039, PR target/124133 (PPC), PR middle-end/123635,",
                            "      PR tree-optimization/124988, PR ada/125168, PR ada/125044,",
                            "      PR c++/124770, PR c++/125206, PR c++/125179, PR c++/124957,",
                            "      PR c++/125115, PR c++/124926, PR c++/124989, PR c++/124756,",
                            "      PR c++/125096, PR c++/125035, PR c++/124582, PR c++/123810,",
                            "      PR c++/124953, PR c++/124981, PR d/125089, PR libstdc++/109965,",
                            "      PR libstdc++/121919, PR libstdc++/125112, PR libstdc++/125024,",
                            "      PR tree-optimization/125185, PR middle-end/125146,",
                            "      PR tree-optimization/125025, PR tree-optimization/125025,.",
                            "    - Revert fix for PR tree-optimization/120003.",
                            "  * d/shlibs.common: Add libgdiagnostics.",
                            "  * Drop the debian/lib{32,64}stdc++CXX.postinst scripts, GCC 4.4 times ...",
                            "  * Update NEWS files.",
                            "  * Bump standards version.",
                            "  * libstdc++-dev: Make baseline file reproducible. Addresses: #1133772.",
                            "  * Configure with --enable-checking=release on amd64, but keep the extra",
                            "    checking on arm64 i386 mips64el ppc64 ppc64el s390x for now.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 09 May 2026 06:46:33 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Snapshot, taken from the gcc-16 branch (20260425, release candidate).",
                            "  * Fix typo in libgcc-s symbols file.",
                            "  * Update libgphobos symbols file for amd64.",
                            "  * Refresh cross-install-location patch.",
                            "  * Replace outdated postal FSF address with URL.",
                            "  * Turn on again PGO/LTO builds for most 64bit architectures.",
                            "  * Turn on running the testsuite again.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16-20260425-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 25 Apr 2026 07:19:09 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Snapshot, taken from the gcc-16 branch (20260423).",
                            "  * Require bison 3.5.1 or 3.8.2 for the gcobol build.",
                            "  * Update the ada-armel-libatomic patch for PR ada/107475.",
                            "  * Build gcc itself with branch-protection (Emanuele Rocca). Closes: #1130592.",
                            "    - On arm64 by appending CFLAGS_SECURE to BOOT_CFLAGS.",
                            "    - Set BOOT_CFLAGS explicitly instead of relying on upstream defaults.",
                            "  * libgfortran-dev: Install libcaf_shmem.a.",
                            "  * Add conflicts for GCC 15 binary packages. Closes: #1133161.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16-20260423-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Thu, 23 Apr 2026 12:03:13 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libcap-ng0",
                "from_version": {
                    "source_package_name": "libcap-ng",
                    "source_package_version": "0.8.5-4build5",
                    "version": "0.8.5-4build5"
                },
                "to_version": {
                    "source_package_name": "libcap-ng",
                    "source_package_version": "0.9.3-1",
                    "version": "0.9.3-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "  * d/patches",
                            "    - Rebase patches.",
                            "    - Drop patch included upstream.",
                            "  * Update symbols file.",
                            "  * Update Standards Version to 4.7.4, no changes needed.",
                            "  * d/copyright: Add section for new files.",
                            ""
                        ],
                        "package": "libcap-ng",
                        "version": "0.9.3-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Håvard F. Aasen <havard.f.aasen@pfft.no>",
                        "date": "Sat, 18 Apr 2026 08:24:19 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "  * Rebase patches.",
                            "  * Add patch from upstream to move bash completion file to correct",
                            "    location.",
                            ""
                        ],
                        "package": "libcap-ng",
                        "version": "0.9.2-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Håvard F. Aasen <havard.f.aasen@pfft.no>",
                        "date": "Sun, 29 Mar 2026 19:42:29 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "  * Rebase patches:",
                            "    - Drop cherry-picked patch included from upstream.",
                            "  * d/copyright:",
                            "    - Remove old FSF address.",
                            "    - Bump copyright year on myself.",
                            "    - Bump copyright year on upstream.",
                            "  * Remove RRR, value is now default.",
                            "  * Update Standards-Version to 4.7.3:",
                            "    - Remove priority, optional is now default.",
                            "  * Update d/watch to version 5.",
                            "  * Run wrap-and-sort with arguments 'asbkt'.",
                            "  * Use CI pipeline from file, not URL.",
                            "  * Add pkg-config as build dependency.",
                            "  * Add d/clean to remove file after build.",
                            ""
                        ],
                        "package": "libcap-ng",
                        "version": "0.9.1-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Håvard F. Aasen <havard.f.aasen@pfft.no>",
                        "date": "Fri, 20 Feb 2026 11:00:07 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libcbor0.10",
                "from_version": {
                    "source_package_name": "libcbor",
                    "source_package_version": "0.10.2-2ubuntu3",
                    "version": "0.10.2-2ubuntu3"
                },
                "to_version": {
                    "source_package_name": "libcbor",
                    "source_package_version": "0.10.2-2.1ubuntu1",
                    "version": "0.10.2-2.1ubuntu1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2153317
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Merge with Debian unstable (LP: #2153317). Remaining changes:",
                            "    - d/rules: add hardening=+all",
                            "    - d/rules: override auto_configure to enable tests and set the build type",
                            "      to \"Release\" as shown in the upstream build instructions.",
                            "  * Dropped changes, included in Debian:",
                            "    - d/p/0001-Set-cmake_minimum_required-to-3.5.patch:",
                            "      + cherry pick build fix from Debian (lp: 2146890)",
                            ""
                        ],
                        "package": "libcbor",
                        "version": "0.10.2-2.1ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [
                            2153317
                        ],
                        "author": "Nick Rosbrook <enr0n@ubuntu.com>",
                        "date": "Fri, 19 Jun 2026 09:29:35 -0400"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Non-maintainer upload.",
                            "  * Backport upstream fix for FTBFS with CMake 4. (Closes: #1113124)",
                            ""
                        ],
                        "package": "libcbor",
                        "version": "0.10.2-2.1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Adrian Bunk <bunk@debian.org>",
                        "date": "Fri, 14 Nov 2025 21:50:27 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libedit2",
                "from_version": {
                    "source_package_name": "libedit",
                    "source_package_version": "3.1-20251016-1",
                    "version": "3.1-20251016-1"
                },
                "to_version": {
                    "source_package_name": "libedit",
                    "source_package_version": "3.1-20260512-1",
                    "version": "3.1-20260512-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release",
                            "  * Update watch file format version to 5.",
                            "  * Remove redundant Priority: optional from source stanza.",
                            ""
                        ],
                        "package": "libedit",
                        "version": "3.1-20260512-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Sylvestre Ledru <sylvestre@debian.org>",
                        "date": "Mon, 25 May 2026 08:46:24 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libelf1t64",
                "from_version": {
                    "source_package_name": "elfutils",
                    "source_package_version": "0.194-4",
                    "version": "0.194-4"
                },
                "to_version": {
                    "source_package_name": "elfutils",
                    "source_package_version": "0.195-1",
                    "version": "0.195-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream version.",
                            "  * Drop KFreeBSD patches.",
                            "  * Drop the perf_regs patch.",
                            "  * Refresh patches.",
                            "  * Bump standards version.",
                            ""
                        ],
                        "package": "elfutils",
                        "version": "0.195-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Wed, 22 Apr 2026 17:20:17 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Snapshot, taken from the trunk.",
                            ""
                        ],
                        "package": "elfutils",
                        "version": "0.194+20260315-1",
                        "urgency": "medium",
                        "distributions": "experimental",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sun, 15 Mar 2026 11:20:32 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libfreetype6",
                "from_version": {
                    "source_package_name": "freetype",
                    "source_package_version": "2.14.2+dfsg-1",
                    "version": "2.14.2+dfsg-1"
                },
                "to_version": {
                    "source_package_name": "freetype",
                    "source_package_version": "2.14.3+dfsg-1",
                    "version": "2.14.3+dfsg-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream version 2.14.3.",
                            "  * debian/control: Raise Standards-Version to 4.7.4 (no changes needed).",
                            "  * debian/copyright: Update for FreeType 2.14.3.",
                            ""
                        ],
                        "package": "freetype",
                        "version": "2.14.3+dfsg-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Hugh McMaster <hmc@debian.org>",
                        "date": "Fri, 03 Apr 2026 18:04:32 +1100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libfuse3-4",
                "from_version": {
                    "source_package_name": "fuse3",
                    "source_package_version": "3.18.2-1",
                    "version": "3.18.2-1"
                },
                "to_version": {
                    "source_package_name": "fuse3",
                    "source_package_version": "3.18.2-2",
                    "version": "3.18.2-2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Remove adduser dependency (closes: #1128249).",
                            "  * Remove unnecessary dependency version constraints.",
                            "  * Do not suggest fuse package.",
                            ""
                        ],
                        "package": "fuse3",
                        "version": "3.18.2-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Laszlo Boszormenyi (GCS) <gcs@debian.org>",
                        "date": "Sat, 25 Apr 2026 15:58:24 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libgcc-s1",
                "from_version": {
                    "source_package_name": "gcc-16",
                    "source_package_version": "16-20260322-1ubuntu1",
                    "version": "16-20260322-1ubuntu1"
                },
                "to_version": {
                    "source_package_name": "gcc-16",
                    "source_package_version": "16.1.0-2ubuntu1",
                    "version": "16.1.0-2ubuntu1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2152642
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Merge with Debian; remaining changes:",
                            "    - Build from upstream sources.",
                            "    - Work-around the 80GB chroot size on the Ubuntu buildds.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-2ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 13 Jun 2026 11:14:58 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Update to git 20260613 from the gcc-16 branch.",
                            "    - Fix PR target/125751 (AVR), PR target/125611 (X86),",
                            "      PR rtl-optimization/125375, PR target/122827 (AArch64),",
                            "      PR tree-optimization/125250, PR middle-end/125156, PR target/124870 (ARM),",
                            "      PR target/125215 (RISCV), PR tree-optimization/124151,",
                            "      PR target/124895 (AArch64), PR target/125409 (AVR),",
                            "      PR target/125362 (loongarch), PR target/125320 (RISCV),",
                            "      PR target/125373 (X86), PR other/125348, PR target/125355 (X86),",
                            "      PR target/125355 (X86), PR target/125351 (X86), PR target/120870 (X86),",
                            "      PR tree-optimization/125291, PR target/125308 (X86),",
                            "      PR target/124316 (X86), PR target/125194 (AVR),",
                            "      PR target/125049 (loongarch), PR middle-end/125259,",
                            "      PR target/53929 (MingW), PR ada/125695, PR ada/18205, PR other/125348,",
                            "      PR ada/125240, PR c/124532, PR c++/125284, PR c++/125333, PR c++/125498,",
                            "      PR c++/125334, PR c++/125378, PR c++/125490, PR c++/125123,",
                            "      PR c++/125412, PR c++/125376, PR c++/125454, PR c++/125423,",
                            "      PR c++/125135, PR c++/125384, PR c++/113563, PR c++/125007,",
                            "      PR c++/125315, PR c++/124628, PR c++/125184, PR c++/125111,",
                            "      PR c++/124991, PR c++/125280, PR c++/100903, PR c++/115181,",
                            "      PR c++/125043, PR c++/124979, PR c++/125208, PR fortran/125669,",
                            "      PR fortran/125606, PR fortran/125393, PR fortran/105582,",
                            "      PR fortran/125391, PR fortran/125416, PR fortran/106546,",
                            "      PR fortran/115260, PR fortran/125021, PR fortran/125192,",
                            "      PR fortran/125198, PR fortran/111952, PR fortran/125059,",
                            "      PR other/125348, PR target/125752 (AVR), PR libfortran/125095,",
                            "      PR libstdc++/125450, PR libstdc++/125374, PR libstdc++/125369,",
                            "      PR libstdc++/78302, PR libstdc++/71301, PR libstdc++/125312.",
                            "",
                            "  [ Matthias Klose ]",
                            "  * Build using GNAT 15 for now. See #1136069.",
                            "  * Configure --with-arch=rv64gc on Ubuntu/riscv64. LP: #2152642.",
                            "  * Apply proposed patch for PR rtl-optimization/123853 (m68k). See #1107416.",
                            "  * Still configure --with-arch=rv64gc for Debian/riscv64 backports.",
                            "  * Apply PR middle-end/124637, taken from the trunk. Addresses: #1131886.",
                            "",
                            "  [ Aurelien Jarno ]",
                            "  * Configure --with-arch=rva20u64 on Debian/riscv64.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [
                            2152642
                        ],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 13 Jun 2026 10:54:28 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Build using GNAT 15 for now. See #1136069.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1ubuntu2",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 09 May 2026 08:29:53 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Merge with Debian; remaining changes:",
                            "    - Build from upstream sources.",
                            "    - Work-around the 80GB chroot size on the Ubuntu buildds.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 09 May 2026 08:05:35 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * GCC 16.1.0 release.",
                            "  * Update to git 20260509 from the gcc-16 branch.",
                            "    - Fix PR target/120587 (OR1K), PR target/125155 (OR1K),",
                            "      PR target/125057 (loongarch), PR target/125180 (x86),",
                            "      PR tree-optimization/125079, PR tree-optimization/125079,",
                            "      PR target/125117 (x86), PR target/124984 (RISCV), PR middle-end/123635,",
                            "      PR tree-optimization/125039, PR target/124133 (PPC), PR middle-end/123635,",
                            "      PR tree-optimization/124988, PR ada/125168, PR ada/125044,",
                            "      PR c++/124770, PR c++/125206, PR c++/125179, PR c++/124957,",
                            "      PR c++/125115, PR c++/124926, PR c++/124989, PR c++/124756,",
                            "      PR c++/125096, PR c++/125035, PR c++/124582, PR c++/123810,",
                            "      PR c++/124953, PR c++/124981, PR d/125089, PR libstdc++/109965,",
                            "      PR libstdc++/121919, PR libstdc++/125112, PR libstdc++/125024,",
                            "      PR tree-optimization/125185, PR middle-end/125146,",
                            "      PR tree-optimization/125025, PR tree-optimization/125025.",
                            "    - Revert fix for PR tree-optimization/120003.",
                            "  * d/shlibs.common: Add libgdiagnostics.",
                            "  * Drop the debian/lib{32,64}stdc++CXX.postinst scripts, GCC 4.4 times ...",
                            "  * Update NEWS files.",
                            "  * Bump standards version.",
                            "  * libstdc++-dev: Make baseline file reproducible. Addresses: #1133772.",
                            "  * Configure with --enable-checking=release on amd64, but keep the extra",
                            "    checking on arm64 i386 mips64el ppc64 ppc64el s390x for now.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 09 May 2026 06:46:33 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Snapshot, taken from the gcc-16 branch (20260425, release candidate).",
                            "  * Fix typo in libgcc-s symbols file.",
                            "  * Update libgphobos symbols file for amd64.",
                            "  * Refresh cross-install-location patch.",
                            "  * Replace outdated postal FSF address with URL.",
                            "  * Turn on again PGO/LTO builds for most 64bit architectures.",
                            "  * Turn on running the testsuite again.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16-20260425-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 25 Apr 2026 07:19:09 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Snapshot, taken from the gcc-16 branch (20260423).",
                            "  * Require bison 3.5.1 or 3.8.2 for the gcobol build.",
                            "  * Update the ada-armel-libatomic patch for PR ada/107475.",
                            "  * Build gcc itself with branch-protection (Emanuele Rocca). Closes: #1130592.",
                            "    - On arm64 by appending CFLAGS_SECURE to BOOT_CFLAGS.",
                            "    - Set BOOT_CFLAGS explicitly instead of relying on upstream defaults.",
                            "  * libgfortran-dev: Install libcaf_shmem.a.",
                            "  * Add conflicts for GCC 15 binary packages. Closes: #1133161.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16-20260423-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Thu, 23 Apr 2026 12:03:13 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libgcrypt20",
                "from_version": {
                    "source_package_name": "libgcrypt20",
                    "source_package_version": "1.12.0-2",
                    "version": "1.12.0-2"
                },
                "to_version": {
                    "source_package_name": "libgcrypt20",
                    "source_package_version": "1.12.2-1ubuntu1",
                    "version": "1.12.2-1ubuntu1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2154120
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * d/p/riscv-fix-vlen-greater-128: Fix computing on RISC-V ",
                            "    with VLEN > 128 (LP: #2154120)",
                            ""
                        ],
                        "package": "libgcrypt20",
                        "version": "1.12.2-1ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [
                            2154120
                        ],
                        "author": "Valentin Haudiquet <valentin.haudiquet@canonical.com>",
                        "date": "Fri, 29 May 2026 10:44:08 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            ""
                        ],
                        "package": "libgcrypt20",
                        "version": "1.12.2-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Andreas Metzler <ametzler@debian.org>",
                        "date": "Tue, 21 Apr 2026 19:23:09 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Upload to unstable.",
                            ""
                        ],
                        "package": "libgcrypt20",
                        "version": "1.12.1-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Andreas Metzler <ametzler@debian.org>",
                        "date": "Mon, 09 Mar 2026 18:14:34 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "    + Drop patches.",
                            ""
                        ],
                        "package": "libgcrypt20",
                        "version": "1.12.1-1",
                        "urgency": "medium",
                        "distributions": "experimental",
                        "launchpad_bugs_fixed": [],
                        "author": "Andreas Metzler <ametzler@debian.org>",
                        "date": "Sat, 21 Feb 2026 11:40:56 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libgirepository-2.0-0",
                "from_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.88.0-1",
                    "version": "2.88.0-1"
                },
                "to_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.88.1-2",
                    "version": "2.88.1-2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release",
                            "  * Run cme fix dpkg --save",
                            "  * Update debian/watch to comply with new Salsa CI uscan job",
                            "  * Update Standards Version to 4.7.4",
                            ""
                        ],
                        "package": "glib2.0",
                        "version": "2.88.1-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Jeremy Bícha <jbicha@ubuntu.com>",
                        "date": "Mon, 04 May 2026 18:18:03 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libglib2.0-0t64",
                "from_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.88.0-1",
                    "version": "2.88.0-1"
                },
                "to_version": {
                    "source_package_name": "glib2.0",
                    "source_package_version": "2.88.1-2",
                    "version": "2.88.1-2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release",
                            "  * Run cme fix dpkg --save",
                            "  * Update debian/watch to comply with new Salsa CI uscan job",
                            "  * Update Standards Version to 4.7.4",
                            ""
                        ],
                        "package": "glib2.0",
                        "version": "2.88.1-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Jeremy Bícha <jbicha@ubuntu.com>",
                        "date": "Mon, 04 May 2026 18:18:03 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libgnutls30t64",
                "from_version": {
                    "source_package_name": "gnutls28",
                    "source_package_version": "3.8.12-2ubuntu1",
                    "version": "3.8.12-2ubuntu1"
                },
                "to_version": {
                    "source_package_name": "gnutls28",
                    "source_package_version": "3.8.12-2ubuntu1.1",
                    "version": "3.8.12-2ubuntu1.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-33846",
                        "url": "https://ubuntu.com/security/CVE-2026-33846",
                        "cve_description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-04 10:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-42009",
                        "url": "https://ubuntu.com/security/CVE-2026-42009",
                        "cve_description": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-18 13:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-33845",
                        "url": "https://ubuntu.com/security/CVE-2026-33845",
                        "cve_description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-30 18:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-3832",
                        "url": "https://ubuntu.com/security/CVE-2026-3832",
                        "cve_description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-30 18:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-3833",
                        "url": "https://ubuntu.com/security/CVE-2026-3833",
                        "cve_description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-30 18:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-42011",
                        "url": "https://ubuntu.com/security/CVE-2026-42011",
                        "cve_description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-07 15:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-42010",
                        "url": "https://ubuntu.com/security/CVE-2026-42010",
                        "cve_description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-07 12:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-5260",
                        "url": "https://ubuntu.com/security/CVE-2026-5260",
                        "cve_description": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-26 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-42012",
                        "url": "https://ubuntu.com/security/CVE-2026-42012",
                        "cve_description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-26 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-42013",
                        "url": "https://ubuntu.com/security/CVE-2026-42013",
                        "cve_description": "A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-26 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-42014",
                        "url": "https://ubuntu.com/security/CVE-2026-42014",
                        "cve_description": "A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-16 02:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-42015",
                        "url": "https://ubuntu.com/security/CVE-2026-42015",
                        "cve_description": "A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows a remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-26 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-5419",
                        "url": "https://ubuntu.com/security/CVE-2026-5419",
                        "cve_description": "A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-01 21:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-33846",
                                "url": "https://ubuntu.com/security/CVE-2026-33846",
                                "cve_description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-04 10:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-42009",
                                "url": "https://ubuntu.com/security/CVE-2026-42009",
                                "cve_description": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-18 13:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-33845",
                                "url": "https://ubuntu.com/security/CVE-2026-33845",
                                "cve_description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-30 18:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-3832",
                                "url": "https://ubuntu.com/security/CVE-2026-3832",
                                "cve_description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-30 18:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-3833",
                                "url": "https://ubuntu.com/security/CVE-2026-3833",
                                "cve_description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-30 18:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-42011",
                                "url": "https://ubuntu.com/security/CVE-2026-42011",
                                "cve_description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-07 15:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-42010",
                                "url": "https://ubuntu.com/security/CVE-2026-42010",
                                "cve_description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-07 12:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-5260",
                                "url": "https://ubuntu.com/security/CVE-2026-5260",
                                "cve_description": "A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-26 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-42012",
                                "url": "https://ubuntu.com/security/CVE-2026-42012",
                                "cve_description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-26 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-42013",
                                "url": "https://ubuntu.com/security/CVE-2026-42013",
                                "cve_description": "A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-26 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-42014",
                                "url": "https://ubuntu.com/security/CVE-2026-42014",
                                "cve_description": "A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-16 02:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-42015",
                                "url": "https://ubuntu.com/security/CVE-2026-42015",
                                "cve_description": "A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-26 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-5419",
                                "url": "https://ubuntu.com/security/CVE-2026-5419",
                                "cve_description": "A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-01 21:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: buffer overflow in DTLS handshake fragment reassembly",
                            "    - debian/patches/CVE-2026-33846-pre1.patch: buffers: shorten",
                            "      merge_handshake_packet using recv_buf in lib/buffers.c.",
                            "    - debian/patches/CVE-2026-33846.patch: buffers: add more checks to DTLS",
                            "      reassembly in lib/buffers.c.",
                            "    - CVE-2026-33846",
                            "  * SECURITY UPDATE: DTLS packets sequence number ordering issue",
                            "    - debian/patches/CVE-2026-42009-pre1.patch: buffers: match DTLS datagrams by",
                            "      sequence number in lib/buffers.c.",
                            "    - debian/patches/CVE-2026-42009-1.patch: lib/buffers: ensure packets have",
                            "      differing sequence numbers in lib/buffers.c.",
                            "    - debian/patches/CVE-2026-42009-2.patch: buffers: fix handshake_compare when",
                            "      sequence numbers match in lib/buffers.c.",
                            "    - CVE-2026-42009",
                            "  * SECURITY UPDATE: OOB read via malformed fragments with zero length and",
                            "    non-zero offset",
                            "    - debian/patches/CVE-2026-33845-pre1.patch: buffers: rename a variable in",
                            "      parse_handshake_header in lib/buffers.c.",
                            "    - debian/patches/CVE-2026-33845.patch: buffers: switch from end_offset over",
                            "      to frag_length in lib/buffers.c, lib/gnutls_int.h.",
                            "    - debian/patches/CVE-2026-33845-2.patch: buffers: simplify and tighten",
                            "      parse_handshake_header checks in lib/buffers.c.",
                            "    - CVE-2026-33845",
                            "  * SECURITY UPDATE: malformed OCSP response issue",
                            "    - debian/patches/CVE-2026-3832.patch: cert-session: fix multi-entry OCSP",
                            "      revocation bypass in lib/cert-session.c.",
                            "    - CVE-2026-3832",
                            "  * SECURITY UPDATE: policy bypass via x509 case-sensitive comparisons",
                            "    - debian/patches/CVE-2026-3833.patch: x509/name-constraints: compare domain",
                            "      names case-insensitive in lib/x509/name_constraints.c.",
                            "    - CVE-2026-3833",
                            "  * SECURITY UPDATE: permitted name constrains were incorrectly ignored",
                            "    - debian/patches/CVE-2026-42011.patch: x509/name_constraints: fix",
                            "      intersecting empty constraints in lib/x509/name_constraints.c.",
                            "    - CVE-2026-42011",
                            "  * SECURITY UPDATE: ",
                            "    - debian/patches/CVE-2026-42010.patch: lib/auth/rsa_psk: fix binary PSK",
                            "      identity lookup in lib/auth/rsa_psk.c.",
                            "    - CVE-2026-42010",
                            "  * SECURITY UPDATE: incorrect username parsing with NUL characters",
                            "    - debian/patches/CVE-2026-5260-1.patch: lib/auth/rsa: check that ciphertext",
                            "      matches the modulus size in lib/auth/rsa.c, lib/auth/rsa_psk.c.",
                            "    - debian/patches/CVE-2026-5260-2.patch: lib/pkcs11_privkey: guard against",
                            "      overreading on short ciphertexts in lib/pkcs11_privkey.c.",
                            "    - CVE-2026-5260",
                            "  * SECURITY UPDATE: ",
                            "    - debian/patches/CVE-2026-42012-pre1.patch: x509/hostname-verify: refactor",
                            "      and simplify CN fallback logic in lib/x509/hostname-verify.c.",
                            "    - debian/patches/CVE-2026-42012-pre2.patch: x509: add bare-bones awareness",
                            "      of SRV virtual SAN in lib/includes/gnutls/gnutls.h.in, lib/x509/common.h,",
                            "      lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/virt-san.c,",
                            "      lib/x509/x509.c.",
                            "    - debian/patches/CVE-2026-42012.patch: x509/hostname-verify: make URI/SRV",
                            "      SAN preclude CN fallback in lib/x509/hostname-verify.c.",
                            "    - CVE-2026-42012",
                            "  * SECURITY UPDATE: incorrect URI or SRV Subject Alternative Names checking",
                            "    - debian/patches/CVE-2026-42013-pre1.patch: x509/email-verify: call",
                            "      fallback DN fallback in lib/x509/email-verify.c.",
                            "    - debian/patches/CVE-2026-42013.patch: x509: prevent fallback on oversized",
                            "      SAN in lib/x509/email-verify.c, lib/x509/hostname-verify.c.",
                            "    - CVE-2026-42013",
                            "  * SECURITY UPDATE: UaF when changing the Security Officer PIN",
                            "    - debian/patches/CVE-2026-42014.patch: pkcs11_write: fix UAF and leak in",
                            "      gnutls_pkcs11_token_set_pin in lib/pkcs11_write.c.",
                            "    - CVE-2026-42014",
                            "  * SECURITY UPDATE: buffer overflow when appending to a PKCS#12 bag",
                            "    - debian/patches/CVE-2026-42015.patch: x509/pkcs12_bag: fix off-by-one in",
                            "      bag element bounds check in lib/x509/pkcs12_bag.c.",
                            "    - CVE-2026-42015",
                            "  * SECURITY UPDATE: non constant-time PKCS#7 padding check",
                            "    - debian/patches/CVE-2026-5419.patch: gnutls_cipher_decrypt3: make PKCS#7",
                            "      unpadding branch free in lib/crypto-api.c, lib/libgnutls.map,",
                            "      tests/Makefile.am, tests/pkcs7-pad.c.",
                            "    - debian/patches/CVE-2026-5419-2.patch: _gnutls_pkcs7_unpad: add missing",
                            "      declaration in lib/crypto-api.c.",
                            "    - CVE-2026-5419",
                            ""
                        ],
                        "package": "gnutls28",
                        "version": "3.8.12-2ubuntu1.1",
                        "urgency": "medium",
                        "distributions": "resolute-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Fri, 08 May 2026 10:11:31 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libidn2-0",
                "from_version": {
                    "source_package_name": "libidn2",
                    "source_package_version": "2.3.8-4build1",
                    "version": "2.3.8-4build1"
                },
                "to_version": {
                    "source_package_name": "libidn2",
                    "source_package_version": "2.3.8-5",
                    "version": "2.3.8-5"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Drop Rules-Requires-Root: no",
                            "  * Standards-Version: 4.7.4",
                            "  * Drop Priority: optional",
                            "  * Use pkgconf not pkg-config in d/tests/",
                            "  * Maintain as Debian Commons",
                            "  * Use watch v5",
                            "  * Bump debian/* copyright years",
                            "  * Modernize Salsa CI",
                            ""
                        ],
                        "package": "libidn2",
                        "version": "2.3.8-5",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Simon Josefsson <simon@josefsson.org>",
                        "date": "Tue, 12 May 2026 12:10:33 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libjs-sphinxdoc",
                "from_version": {
                    "source_package_name": "sphinx",
                    "source_package_version": "8.2.3-12",
                    "version": "8.2.3-12"
                },
                "to_version": {
                    "source_package_name": "sphinx",
                    "source_package_version": "9.1.0-4",
                    "version": "9.1.0-4"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  [ Stefano Rivera ]",
                            "  * Patch: Support snowball 3.1.0.",
                            "",
                            "  [ Dmitry Shachnev ]",
                            "  * Install language_data.js files for all supported languages.",
                            "  * dh_sphinxdoc:",
                            "    - Symlink language_data.js files (closes: #1137424).",
                            "    - Remove *-stemmer.js files (closes: #1073497). Sphinx installs these",
                            "      files as source for minified JS, but there is no need to ship them in",
                            "      the binary packages.",
                            "    - Generate ${sphinxdoc:Built-Using} variable only for packages that are",
                            "      already using it, add a usage note to the man page (closes: #1136263).",
                            ""
                        ],
                        "package": "sphinx",
                        "version": "9.1.0-4",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Dmitry Shachnev <mitya57@debian.org>",
                        "date": "Mon, 25 May 2026 18:19:00 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Add “X-Python3-Version: >= 3.12” to debian/control (closes: #1136119).",
                            ""
                        ],
                        "package": "sphinx",
                        "version": "9.1.0-3",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Dmitry Shachnev <mitya57@debian.org>",
                        "date": "Sat, 09 May 2026 23:40:58 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Bump Standards-Version to 4.7.4, no changes needed.",
                            "  * Upload to unstable.",
                            ""
                        ],
                        "package": "sphinx",
                        "version": "9.1.0-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Dmitry Shachnev <mitya57@debian.org>",
                        "date": "Tue, 28 Apr 2026 00:41:10 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "  * Bump the required version of docutils to 0.21.",
                            "  * Refresh patches for the new release.",
                            "  * Drop ‘Priority: optional’, it became default in dpkg 1.22.12.",
                            "  * Bump Standards-Version to 4.7.3, no changes needed.",
                            ""
                        ],
                        "package": "sphinx",
                        "version": "9.1.0-1",
                        "urgency": "medium",
                        "distributions": "experimental",
                        "launchpad_bugs_fixed": [],
                        "author": "Dmitry Shachnev <mitya57@debian.org>",
                        "date": "Sun, 04 Jan 2026 22:31:51 +0300"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "  * Drop patches, included in the new release:",
                            "    - docutils_0.22.diff",
                            "    - docutils_0.22.1.diff",
                            "    - docutils_upper_limit.diff",
                            "    - latex_footnote_french.diff",
                            "    - python3.14_autosummary.diff",
                            "    - python3.14_typing.diff",
                            "    - python3.14_autodoc.diff",
                            "    - roman-numerals-package-name.patch",
                            "  * Refresh other patches.",
                            "  * Bump required flit version to 3.11 (per pyproject.toml).",
                            "  * Update debian/watch to use version 5 and Pypi template.",
                            "  * Bump minimum versions in debian/dh-sphinxdoc/index.",
                            "  * Remove mentions of Sphinx.egg-info, flit does not generate it.",
                            "  * Regenerate minified-js and Python stopwords files during build.",
                            "  * Update numbers in debian/jstest/run-tests.",
                            ""
                        ],
                        "package": "sphinx",
                        "version": "9.0.4-1",
                        "urgency": "medium",
                        "distributions": "experimental",
                        "launchpad_bugs_fixed": [],
                        "author": "Dmitry Shachnev <mitya57@debian.org>",
                        "date": "Thu, 25 Dec 2025 21:33:08 +0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libldap-common",
                "from_version": {
                    "source_package_name": "openldap",
                    "source_package_version": "2.6.10+dfsg-1ubuntu5",
                    "version": "2.6.10+dfsg-1ubuntu5"
                },
                "to_version": {
                    "source_package_name": "openldap",
                    "source_package_version": "2.6.10+dfsg-1ubuntu6",
                    "version": "2.6.10+dfsg-1ubuntu6"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    12470
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * d/slapd.config: fix infinite loop for invalid initial config (LP: #12470)",
                            ""
                        ],
                        "package": "openldap",
                        "version": "2.6.10+dfsg-1ubuntu6",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [
                            12470
                        ],
                        "author": "Jonas Jelten <jj@ubuntu.com>",
                        "date": "Wed, 20 May 2026 16:23:06 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libldap2",
                "from_version": {
                    "source_package_name": "openldap",
                    "source_package_version": "2.6.10+dfsg-1ubuntu5",
                    "version": "2.6.10+dfsg-1ubuntu5"
                },
                "to_version": {
                    "source_package_name": "openldap",
                    "source_package_version": "2.6.10+dfsg-1ubuntu6",
                    "version": "2.6.10+dfsg-1ubuntu6"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    12470
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * d/slapd.config: fix infinite loop for invalid initial config (LP: #12470)",
                            ""
                        ],
                        "package": "openldap",
                        "version": "2.6.10+dfsg-1ubuntu6",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [
                            12470
                        ],
                        "author": "Jonas Jelten <jj@ubuntu.com>",
                        "date": "Wed, 20 May 2026 16:23:06 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libp11-kit0",
                "from_version": {
                    "source_package_name": "p11-kit",
                    "source_package_version": "0.26.2-2",
                    "version": "0.26.2-2"
                },
                "to_version": {
                    "source_package_name": "p11-kit",
                    "source_package_version": "0.26.2-3",
                    "version": "0.26.2-3"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix autopoint error with gettext 1.0. (Closes: #1137421)",
                            ""
                        ],
                        "package": "p11-kit",
                        "version": "0.26.2-3",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Andreas Metzler <ametzler@debian.org>",
                        "date": "Wed, 10 Jun 2026 18:23:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libparted2t64",
                "from_version": {
                    "source_package_name": "parted",
                    "source_package_version": "3.6-6",
                    "version": "3.6-6"
                },
                "to_version": {
                    "source_package_name": "parted",
                    "source_package_version": "3.7-1",
                    "version": "3.7-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Drop \"Rules-Requires-Root: no\", default as of dpkg-dev 1.22.13.",
                            "  * debian/upstream/signing-key.asc: Update self-signatures.",
                            "  * New upstream release:",
                            "    - libparted: Do not detect ext4 without journal as ext2 (closes:",
                            "      #1103454).",
                            "  * Ship Doxygen-generated API documentation (closes: #1119679).",
                            "  * debian/copyright: Convert to copyright-format 1.0.",
                            ""
                        ],
                        "package": "parted",
                        "version": "3.7-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Colin Watson <cjwatson@debian.org>",
                        "date": "Tue, 14 Apr 2026 13:03:38 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libpsl5t64",
                "from_version": {
                    "source_package_name": "libpsl",
                    "source_package_version": "0.21.2-1.1build2",
                    "version": "0.21.2-1.1build2"
                },
                "to_version": {
                    "source_package_name": "libpsl",
                    "source_package_version": "0.21.5-1",
                    "version": "0.21.5-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream version 0.21.5 (Closes: #1123613)",
                            "  * d/patches/0003-Add-m4-visibility....patch: now part of upstream, so",
                            "    dropped",
                            "  * d/copyright: update year for new upstream release",
                            "  * d/patches/: mark remaining patches with 'Forwarded: not-needed'",
                            "  * d/control: s#pkg-config#pkgconf#",
                            "  * d/control,copyright: add myself as Uploader",
                            "  * d/control: Standards-Version: 4.7.3",
                            "  * d/psl-make-dafsa.install: upstream now installs psl-make-dafsa",
                            "  * d/control: drop now-obsolete fields",
                            "  * d/libpsl5t64.lintian-overrides: now superfluous and thus dropped",
                            "  * d/control: simplify redundant build prerequisites on dpkg-dev",
                            "  * d/control: drop ${shlibs:Depends} on arch all package",
                            "  * d/rules: use execute_before instead of override where possible",
                            "  * d/salsa-ci.yml: added",
                            ""
                        ],
                        "package": "libpsl",
                        "version": "0.21.5-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Florian Ernst <florian@debian.org>",
                        "date": "Sat, 14 Mar 2026 16:21:50 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libpython3.14-minimal",
                "from_version": {
                    "source_package_name": "python3.14",
                    "source_package_version": "3.14.4-1",
                    "version": "3.14.4-1"
                },
                "to_version": {
                    "source_package_name": "python3.14",
                    "source_package_version": "3.14.6-1",
                    "version": "3.14.6-1"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-9669",
                        "url": "https://ubuntu.com/security/CVE-2026-9669",
                        "cve_description": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-08 23:17:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-8328",
                        "url": "https://ubuntu.com/security/CVE-2026-8328",
                        "cve_description": "The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-13 21:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-7774",
                        "url": "https://ubuntu.com/security/CVE-2026-7774",
                        "cve_description": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-04 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-7210",
                        "url": "https://ubuntu.com/security/CVE-2026-7210",
                        "cve_description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-11 18:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-3276",
                        "url": "https://ubuntu.com/security/CVE-2026-3276",
                        "cve_description": "unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-03 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-5713",
                        "url": "https://ubuntu.com/security/CVE-2026-5713",
                        "cve_description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-14 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-4786",
                        "url": "https://ubuntu.com/security/CVE-2026-4786",
                        "cve_description": "Mitigation of CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types, and the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-13 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-1502",
                        "url": "https://ubuntu.com/security/CVE-2026-1502",
                        "cve_description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-10 18:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-9669",
                                "url": "https://ubuntu.com/security/CVE-2026-9669",
                                "cve_description": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-08 23:17:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-8328",
                                "url": "https://ubuntu.com/security/CVE-2026-8328",
                                "cve_description": "The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-13 21:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-7774",
                                "url": "https://ubuntu.com/security/CVE-2026-7774",
                                "cve_description": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-04 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-7210",
                                "url": "https://ubuntu.com/security/CVE-2026-7210",
                                "cve_description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-11 18:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-3276",
                                "url": "https://ubuntu.com/security/CVE-2026-3276",
                                "cve_description": "unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-03 16:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Python 3.14.6 release.",
                            "    - Avoid crash decompressing untrusted bz2 data. CVE-2026-9669.",
                            "    - Don't trust server-provided passive connection addresses in ftplib.",
                            "      CVE-2026-8328.",
                            "    - Don't allow untrusted tarfile extraction to write outside the",
                            "      destination. CVE-2026-7774.",
                            "    - Protects against DoS in expat XML parsing. CVE-2026-7210.",
                            "    - Avoid DoS in unicode normalization. CVE-2026-3276.",
                            "",
                            "  [ Colin Watson ]",
                            "  * Drop libnsl-dev build-dependency, which is superfluous since the nis",
                            "    module was removed in Python 3.13.",
                            "",
                            "  [ Stefano Rivera ]",
                            "  * Refresh patches.",
                            "  * Drop mention of gdbinit from README.debug. Closes: #1109449.",
                            "  * Tidy up python3.X-config manpage. Closes: #1101810.",
                            "  * Build with -fno-thread-jumps, instead of -O1 on m68k. Closes: #1139593",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.6-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Stefano Rivera <stefanor@debian.org>",
                        "date": "Wed, 10 Jun 2026 14:54:31 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-5713",
                                "url": "https://ubuntu.com/security/CVE-2026-5713",
                                "cve_description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-14 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-4786",
                                "url": "https://ubuntu.com/security/CVE-2026-4786",
                                "cve_description": "Mitigation of CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types, and the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-13 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-1502",
                                "url": "https://ubuntu.com/security/CVE-2026-1502",
                                "cve_description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-10 18:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Python 3.14.5 release.",
                            "    Fixes:",
                            "    - CVE-2026-5713: Validate remote debug offset tables on load.",
                            "    - CVE-2026-4786: Fix webbrowser %action substitution bypass of dash-prefix",
                            "      check.",
                            "    - CVE-2026-1502: Reject CR/LF in HTTP tunnel request headers.",
                            "",
                            "  [ Stefano Rivera ]",
                            "  * Refresh patches.",
                            "  * Update build-details path to include abiflags, and move it to",
                            "    libpython3.14-minimal / libpython3.14-dbg.",
                            "  * Patch: Fix test_pyexpat on i386. (Closes: #1135052)",
                            "  * Patch: Generate the correct base_interpreter in build-details on debug",
                            "    builds.",
                            "",
                            "  [ Matthias Klose ]",
                            "  * Run the tests with -j 2 instead of running sequentially.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.5-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Stefano Rivera <stefanor@debian.org>",
                        "date": "Sun, 10 May 2026 21:38:08 -0400"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Python 3.14.5 release candidate.",
                            "  * Skip pyexpat.test_deeply_nested_content_model on i386.",
                            "  * Refresh patches.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.5~rc1-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Wed, 06 May 2026 06:21:50 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Install _sysconfig_vars.json for the debug build.",
                            "  * d/t/control: Add python-tk to failing-tests-dbg dependencies.",
                            "  * d/t/testsuite-dbg: Don't run test_build_details, the build-details",
                            "    file for the debug interpreter is not installed.",
                            "  * Bump standards version.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.4-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Wed, 22 Apr 2026 12:14:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libpython3.14-stdlib",
                "from_version": {
                    "source_package_name": "python3.14",
                    "source_package_version": "3.14.4-1",
                    "version": "3.14.4-1"
                },
                "to_version": {
                    "source_package_name": "python3.14",
                    "source_package_version": "3.14.6-1",
                    "version": "3.14.6-1"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-9669",
                        "url": "https://ubuntu.com/security/CVE-2026-9669",
                        "cve_description": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-08 23:17:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-8328",
                        "url": "https://ubuntu.com/security/CVE-2026-8328",
                        "cve_description": "The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-13 21:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-7774",
                        "url": "https://ubuntu.com/security/CVE-2026-7774",
                        "cve_description": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-04 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-7210",
                        "url": "https://ubuntu.com/security/CVE-2026-7210",
                        "cve_description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-11 18:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-3276",
                        "url": "https://ubuntu.com/security/CVE-2026-3276",
                        "cve_description": "unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-03 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-5713",
                        "url": "https://ubuntu.com/security/CVE-2026-5713",
                        "cve_description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-14 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-4786",
                        "url": "https://ubuntu.com/security/CVE-2026-4786",
                        "cve_description": "Mitigation of CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types, and the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-13 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-1502",
                        "url": "https://ubuntu.com/security/CVE-2026-1502",
                        "cve_description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-10 18:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-9669",
                                "url": "https://ubuntu.com/security/CVE-2026-9669",
                                "cve_description": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-08 23:17:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-8328",
                                "url": "https://ubuntu.com/security/CVE-2026-8328",
                                "cve_description": "The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-13 21:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-7774",
                                "url": "https://ubuntu.com/security/CVE-2026-7774",
                                "cve_description": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-04 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-7210",
                                "url": "https://ubuntu.com/security/CVE-2026-7210",
                                "cve_description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-11 18:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-3276",
                                "url": "https://ubuntu.com/security/CVE-2026-3276",
                                "cve_description": "unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-03 16:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Python 3.14.6 release.",
                            "    - Avoid crash decompressing untrusted bz2 data. CVE-2026-9669.",
                            "    - Don't trust server-provided passive connection addresses in ftplib.",
                            "      CVE-2026-8328.",
                            "    - Don't allow untrusted tarfile extraction to write outside the",
                            "      destination. CVE-2026-7774.",
                            "    - Protects against DoS in expat XML parsing. CVE-2026-7210.",
                            "    - Avoid DoS in unicode normalization. CVE-2026-3276.",
                            "",
                            "  [ Colin Watson ]",
                            "  * Drop libnsl-dev build-dependency, which is superfluous since the nis",
                            "    module was removed in Python 3.13.",
                            "",
                            "  [ Stefano Rivera ]",
                            "  * Refresh patches.",
                            "  * Drop mention of gdbinit from README.debug. Closes: #1109449.",
                            "  * Tidy up python3.X-config manpage. Closes: #1101810.",
                            "  * Build with -fno-thread-jumps, instead of -O1 on m68k. Closes: #1139593",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.6-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Stefano Rivera <stefanor@debian.org>",
                        "date": "Wed, 10 Jun 2026 14:54:31 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-5713",
                                "url": "https://ubuntu.com/security/CVE-2026-5713",
                                "cve_description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-14 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-4786",
                                "url": "https://ubuntu.com/security/CVE-2026-4786",
                                "cve_description": "Mitigation of CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types, and the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-13 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-1502",
                                "url": "https://ubuntu.com/security/CVE-2026-1502",
                                "cve_description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-10 18:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Python 3.14.5 release.",
                            "    Fixes:",
                            "    - CVE-2026-5713: Validate remote debug offset tables on load.",
                            "    - CVE-2026-4786: Fix webbrowser %action substitution bypass of dash-prefix",
                            "      check.",
                            "    - CVE-2026-1502: Reject CR/LF in HTTP tunnel request headers.",
                            "",
                            "  [ Stefano Rivera ]",
                            "  * Refresh patches.",
                            "  * Update build-details path to include abiflags, and move it to",
                            "    libpython3.14-minimal / libpython3.14-dbg.",
                            "  * Patch: Fix test_pyexpat on i386. (Closes: #1135052)",
                            "  * Patch: Generate the correct base_interpreter in build-details on debug",
                            "    builds.",
                            "",
                            "  [ Matthias Klose ]",
                            "  * Run the tests with -j 2 instead of running sequentially.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.5-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Stefano Rivera <stefanor@debian.org>",
                        "date": "Sun, 10 May 2026 21:38:08 -0400"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Python 3.14.5 release candidate.",
                            "  * Skip pyexpat.test_deeply_nested_content_model on i386.",
                            "  * Refresh patches.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.5~rc1-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Wed, 06 May 2026 06:21:50 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Install _sysconfig_vars.json for the debug build.",
                            "  * d/t/control: Add python-tk to failing-tests-dbg dependencies.",
                            "  * d/t/testsuite-dbg: Don't run test_build_details, the build-details",
                            "    file for the debug interpreter is not installed.",
                            "  * Bump standards version.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.4-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Wed, 22 Apr 2026 12:14:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "librtmp1",
                "from_version": {
                    "source_package_name": "rtmpdump",
                    "source_package_version": "2.4+20151223.gitfa8646d.1-3",
                    "version": "2.4+20151223.gitfa8646d.1-3"
                },
                "to_version": {
                    "source_package_name": "rtmpdump",
                    "source_package_version": "2.6-1",
                    "version": "2.6-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream version 2.6 (Closes: #1132877)",
                            "  * debian/control:",
                            "    - Bump Standards-Version",
                            "    - Remove Priority: optional",
                            "  * debian/watch: Upgrade to version 5 and switch to git as source",
                            "  * debian/rules:",
                            "    - Remove --no-parallel",
                            "    - Remove -Wl,--as-needed",
                            ""
                        ],
                        "package": "rtmpdump",
                        "version": "2.6-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Sebastian Ramacher <sramacher@debian.org>",
                        "date": "Fri, 10 Apr 2026 10:35:13 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libselinux1",
                "from_version": {
                    "source_package_name": "libselinux",
                    "source_package_version": "3.9-4build1",
                    "version": "3.9-4build1"
                },
                "to_version": {
                    "source_package_name": "libselinux",
                    "source_package_version": "3.10-1",
                    "version": "3.10-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream version 3.10",
                            "",
                            "  * d/watch: rewrite in version 5",
                            "  * d/u/signing-key.asc: add key from Jason Zaman",
                            "  * d/patches:",
                            "    - rebase and drop upstream applied patch",
                            "    - fix FTBFS on alpha",
                            "  * d/libselinux1.symbols: add selinux_restorecon_get_relabeled_files(3)",
                            ""
                        ],
                        "package": "libselinux",
                        "version": "3.10-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Christian Göttsche <cgzones@googlemail.com>",
                        "date": "Tue, 10 Feb 2026 23:01:23 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * d/changelog: fix typo",
                            "  * d/control:",
                            "    - drop priority field with default value",
                            "    - bump Standards-Version to 4.7.3 (no further changes)",
                            "    - drop deprecated and unused XS-Ruby-Versions field",
                            "  * d/patches: build shared libraries with -fPIC (Closes: #1123905)",
                            "  * d/copyright: update debian/* section",
                            ""
                        ],
                        "package": "libselinux",
                        "version": "3.9-5",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Christian Göttsche <cgzones@googlemail.com>",
                        "date": "Sun, 01 Feb 2026 19:49:54 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libssh2-1t64",
                "from_version": {
                    "source_package_name": "libssh2",
                    "source_package_version": "1.11.1-1build2",
                    "version": "1.11.1-1build2"
                },
                "to_version": {
                    "source_package_name": "libssh2",
                    "source_package_version": "1.11.1-3",
                    "version": "1.11.1-3"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-7598",
                        "url": "https://ubuntu.com/security/CVE-2026-7598",
                        "cve_description": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-01 22:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-7598",
                                "url": "https://ubuntu.com/security/CVE-2026-7598",
                                "cve_description": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-01 22:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * d/patches: Fix integer overflow in userauth_password",
                            "    Fixes CVE-2026-7598 (Closes: #1135647)",
                            "  * d/control: Update standards version to 4.7.4",
                            ""
                        ],
                        "package": "libssh2",
                        "version": "1.11.1-3",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Nicolas Mora <babelouest@debian.org>",
                        "date": "Mon, 04 May 2026 07:35:17 -0400"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix ftbfs, thanks Collin Watson (Closes: #1129134)",
                            "  * d/control: Remove Priority option",
                            "  * d/control: Remove Rules-Requires-Root option",
                            "  * d/control: Update standards version to 4.7.3",
                            ""
                        ],
                        "package": "libssh2",
                        "version": "1.11.1-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Nicolas Mora <babelouest@debian.org>",
                        "date": "Wed, 18 Mar 2026 17:01:10 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libstdc++6",
                "from_version": {
                    "source_package_name": "gcc-16",
                    "source_package_version": "16-20260322-1ubuntu1",
                    "version": "16-20260322-1ubuntu1"
                },
                "to_version": {
                    "source_package_name": "gcc-16",
                    "source_package_version": "16.1.0-2ubuntu1",
                    "version": "16.1.0-2ubuntu1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2152642
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Merge with Debian; remaining changes:",
                            "    - Build from upstream sources.",
                            "    - Work-around the 80GB chroot size on the Ubuntu buildds.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-2ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 13 Jun 2026 11:14:58 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Update to git 20260613 from the gcc-16 branch.",
                            "    - Fix PR target/125751 (AVR), PR target/125611 (X86),",
                            "      PR rtl-optimization/125375, PR target/122827 (AArch64),",
                            "      PR tree-optimization/125250, PR middle-end/125156, PR target/124870 (ARM),",
                            "      PR target/125215 (RISCV), PR tree-optimization/124151,",
                            "      PR target/124895 (AArch64), PR target/125409 (AVR),",
                            "      PR target/125362 (loongarch), PR target/125320 (RISCV),",
                            "      PR target/125373 (X86), PR other/125348, PR target/125355 (X86),",
                            "      PR target/125355 (X86), PR target/125351 (X86), PR target/120870 (X86),",
                            "      PR tree-optimization/125291, PR target/125308 (X86),",
                            "      PR target/124316 (X86), PR target/125194 (AVR),",
                            "      PR target/125049 (loongarch), PR middle-end/125259,",
                            "      PR target/53929 (MingW), PR ada/125695, PR ada/18205, PR other/125348,",
                            "      PR ada/125240, PR c/124532, PR c++/125284, PR c++/125333, PR c++/125498,",
                            "      PR c++/125334, PR c++/125378, PR c++/125490, PR c++/125123,",
                            "      PR c++/125412, PR c++/125376, PR c++/125454, PR c++/125423,",
                            "      PR c++/125135, PR c++/125384, PR c++/113563, PR c++/125007,",
                            "      PR c++/125315, PR c++/124628, PR c++/125184, PR c++/125111,",
                            "      PR c++/124991, PR c++/125280, PR c++/100903, PR c++/115181,",
                            "      PR c++/125043, PR c++/124979, PR c++/125208, PR fortran/125669,",
                            "      PR fortran/125606, PR fortran/125393, PR fortran/105582,",
                            "      PR fortran/125391, PR fortran/125416, PR fortran/106546,",
                            "      PR fortran/115260, PR fortran/125021, PR fortran/125192,",
                            "      PR fortran/125198, PR fortran/111952, PR fortran/125059,",
                            "      PR other/125348, PR target/125752 (AVR), PR libfortran/125095,",
                            "      PR libstdc++/125450, PR libstdc++/125374, PR libstdc++/125369,",
                            "      PR libstdc++/78302, PR libstdc++/71301, PR libstdc++/125312.",
                            "",
                            "  [ Matthias Klose ]",
                            "  * Build using GNAT 15 for now. See #1136069.",
                            "  * Configure --with-arch=rv64gc on Ubuntu/riscv64. LP: #2152642.",
                            "  * Apply proposed patch for PR rtl-optimization/123853 (m68k). See #1107416.",
                            "  * Still configure --with-arch=rv64gc for Debian/riscv64 backports.",
                            "  * Apply PR middle-end/124637, taken from the trunk. Addresses: #1131886.",
                            "",
                            "  [ Aurelien Jarno ]",
                            "  * Configure --with-arch=rva20u64 on Debian/riscv64.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [
                            2152642
                        ],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 13 Jun 2026 10:54:28 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Build using GNAT 15 for now. See #1136069.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1ubuntu2",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 09 May 2026 08:29:53 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Merge with Debian; remaining changes:",
                            "    - Build from upstream sources.",
                            "    - Work-around the 80GB chroot size on the Ubuntu buildds.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1ubuntu1",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@ubuntu.com>",
                        "date": "Sat, 09 May 2026 08:05:35 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * GCC 16.1.0 release.",
                            "  * Update to git 20260509 from the gcc-16 branch.",
                            "    - Fix PR target/120587 (OR1K), PR target/125155 (OR1K),",
                            "      PR target/125057 (loongarch), PR target/125180 (x86),",
                            "      PR tree-optimization/125079, PR tree-optimization/125079,",
                            "      PR target/125117 (x86), PR target/124984 (RISCV), PR middle-end/123635,",
                            "      PR tree-optimization/125039, PR target/124133 (PPC), PR middle-end/123635,",
                            "      PR tree-optimization/124988, PR ada/125168, PR ada/125044,",
                            "      PR c++/124770, PR c++/125206, PR c++/125179, PR c++/124957,",
                            "      PR c++/125115, PR c++/124926, PR c++/124989, PR c++/124756,",
                            "      PR c++/125096, PR c++/125035, PR c++/124582, PR c++/123810,",
                            "      PR c++/124953, PR c++/124981, PR d/125089, PR libstdc++/109965,",
                            "      PR libstdc++/121919, PR libstdc++/125112, PR libstdc++/125024,",
                            "      PR tree-optimization/125185, PR middle-end/125146,",
                            "      PR tree-optimization/125025, PR tree-optimization/125025.",
                            "    - Revert fix for PR tree-optimization/120003.",
                            "  * d/shlibs.common: Add libgdiagnostics.",
                            "  * Drop the debian/lib{32,64}stdc++CXX.postinst scripts, GCC 4.4 times ...",
                            "  * Update NEWS files.",
                            "  * Bump standards version.",
                            "  * libstdc++-dev: Make baseline file reproducible. Addresses: #1133772.",
                            "  * Configure with --enable-checking=release on amd64, but keep the extra",
                            "    checking on arm64 i386 mips64el ppc64 ppc64el s390x for now.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16.1.0-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 09 May 2026 06:46:33 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Snapshot, taken from the gcc-16 branch (20260425, release candidate).",
                            "  * Fix typo in libgcc-s symbols file.",
                            "  * Update libgphobos symbols file for amd64.",
                            "  * Refresh cross-install-location patch.",
                            "  * Replace outdated postal FSF address with URL.",
                            "  * Turn on again PGO/LTO builds for most 64bit architectures.",
                            "  * Turn on running the testsuite again.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16-20260425-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Sat, 25 Apr 2026 07:19:09 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Snapshot, taken from the gcc-16 branch (20260423).",
                            "  * Require bison 3.5.1 or 3.8.2 for the gcobol build.",
                            "  * Update the ada-armel-libatomic patch for PR ada/107475.",
                            "  * Build gcc itself with branch-protection (Emanuele Rocca). Closes: #1130592.",
                            "    - On arm64 by appending CFLAGS_SECURE to BOOT_CFLAGS.",
                            "    - Set BOOT_CFLAGS explicitly instead of relying on upstream defaults.",
                            "  * libgfortran-dev: Install libcaf_shmem.a.",
                            "  * Add conflicts for GCC 15 binary packages. Closes: #1133161.",
                            ""
                        ],
                        "package": "gcc-16",
                        "version": "16-20260423-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Thu, 23 Apr 2026 12:03:13 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libwrap0",
                "from_version": {
                    "source_package_name": "tcp-wrappers",
                    "source_package_version": "7.6.q-36build2",
                    "version": "7.6.q-36build2"
                },
                "to_version": {
                    "source_package_name": "tcp-wrappers",
                    "source_package_version": "7.6.q-37",
                    "version": "7.6.q-37"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2132257
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * No-change mass rebuild for Ubuntu 26.04 (LP: #2132257)",
                            ""
                        ],
                        "package": "tcp-wrappers",
                        "version": "7.6.q-36build2",
                        "urgency": "medium",
                        "distributions": "resolute",
                        "launchpad_bugs_fixed": [
                            2132257
                        ],
                        "author": "Sebastien Bacher <seb128@debian.org>",
                        "date": "Mon, 02 Feb 2026 21:46:55 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Rebuild to include updated RISC-V base ISA RVA23",
                            ""
                        ],
                        "package": "tcp-wrappers",
                        "version": "7.6.q-36build1",
                        "urgency": "medium",
                        "distributions": "questing",
                        "launchpad_bugs_fixed": [],
                        "author": "Heinrich Schuchardt <heinrich.schuchardt@canonical.com>",
                        "date": "Sat, 06 Sep 2025 15:35:05 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": true
            },
            {
                "name": "parted",
                "from_version": {
                    "source_package_name": "parted",
                    "source_package_version": "3.6-6",
                    "version": "3.6-6"
                },
                "to_version": {
                    "source_package_name": "parted",
                    "source_package_version": "3.7-1",
                    "version": "3.7-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Drop \"Rules-Requires-Root: no\", default as of dpkg-dev 1.22.13.",
                            "  * debian/upstream/signing-key.asc: Update self-signatures.",
                            "  * New upstream release:",
                            "    - libparted: Do not detect ext4 without journal as ext2 (closes:",
                            "      #1103454).",
                            "  * Ship Doxygen-generated API documentation (closes: #1119679).",
                            "  * debian/copyright: Convert to copyright-format 1.0.",
                            ""
                        ],
                        "package": "parted",
                        "version": "3.7-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Colin Watson <cjwatson@debian.org>",
                        "date": "Tue, 14 Apr 2026 13:03:38 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "pci.ids",
                "from_version": {
                    "source_package_name": "pci.ids",
                    "source_package_version": "0.0~2026.05.30-1",
                    "version": "0.0~2026.05.30-1"
                },
                "to_version": {
                    "source_package_name": "pci.ids",
                    "source_package_version": "0.0~2026.06.16-1",
                    "version": "0.0~2026.06.16-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "  * Require Perl 5.40 in autopkgtest.",
                            "  * Switch to use Perl sub signatures in autopkgtest.",
                            ""
                        ],
                        "package": "pci.ids",
                        "version": "0.0~2026.06.16-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Guillem Jover <guillem@debian.org>",
                        "date": "Tue, 16 Jun 2026 04:08:59 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "perl-base",
                "from_version": {
                    "source_package_name": "perl",
                    "source_package_version": "5.40.1-7build1",
                    "version": "5.40.1-7build1"
                },
                "to_version": {
                    "source_package_name": "perl",
                    "source_package_version": "5.40.1-8",
                    "version": "5.40.1-8"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-15649",
                        "url": "https://ubuntu.com/security/CVE-2025-15649",
                        "cve_description": "IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.  _dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header whose date field decodes to an out-of-range month, day, or hour causes timelocal() to die.  The exception propagates out of IO::Uncompress::Unzip->new($file) where callers expect undef plus $UnzipError.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-27 04:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-7010",
                        "url": "https://ubuntu.com/security/CVE-2026-7010",
                        "cve_description": "HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values.  The unvalidated inputs are the method and URI in the request line, the URL host that becomes the `Host:` header, and HTTP/1.1 control data field values.  An attacker who controls one of these inputs, for example a user supplied URL passed to a webhook or URL fetch endpoint, can inject additional headers and smuggle requests to the upstream server.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-11 22:22:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-8376",
                        "url": "https://ubuntu.com/security/CVE-2026-8376",
                        "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.  Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer.  A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-26 00:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-48959",
                        "url": "https://ubuntu.com/security/CVE-2026-48959",
                        "cve_description": "IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward.  fastForward() compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration.  Extracting a named entry from an attacker supplied zip via IO::Uncompress::Unzip->new($zip, Name => $target) drives a per-byte read loop scaling with the entry's compressed size, up to the non-Zip64 4 GiB cap.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-27 04:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-48961",
                        "url": "https://ubuntu.com/security/CVE-2026-48961",
                        "cve_description": "IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID.  When decode_ux() in bin/zipdetails handles an Info-ZIP Unix Extra Field (tag 0x7875) with UID Size or GID Size set to 8, causing zipdetails to decode an 8-byte UID or GID value, it dispatches through decodeLitteEndian(), which calls a misnamed helper unpackValueQ. The actual function defined in the same file is unpackValue_Q (with underscore); the call raises 'Undefined subroutine &main::unpackValueQ' and the script exits with status 255.  Library callers of IO::Compress and IO::Uncompress are not affected; the defect is in the bundled CLI tool.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-27 04:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-48962",
                        "url": "https://ubuntu.com/security/CVE-2026-48962",
                        "cve_description": "IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.  _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through eval STRING. A literal double quote in the output glob closes the dquote wrapper, and the characters that follow are evaluated as Perl.  Arbitrary Perl in the output glob executes at the calling process's privilege.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-27 04:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-15649",
                                "url": "https://ubuntu.com/security/CVE-2025-15649",
                                "cve_description": "IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date.  _dosToUnixTime() decodes the local-file-header last-modification date field and calls Time::Local::timelocal() without an eval guard. A header whose date field decodes to an out-of-range month, day, or hour causes timelocal() to die.  The exception propagates out of IO::Uncompress::Unzip->new($file) where callers expect undef plus $UnzipError.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-27 04:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-7010",
                                "url": "https://ubuntu.com/security/CVE-2026-7010",
                                "cve_description": "HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values.  The unvalidated inputs are the method and URI in the request line, the URL host that becomes the `Host:` header, and HTTP/1.1 control data field values.  An attacker who controls one of these inputs, for example a user supplied URL passed to a webhook or URL fetch endpoint, can inject additional headers and smuggle requests to the upstream server.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-11 22:22:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-8376",
                                "url": "https://ubuntu.com/security/CVE-2026-8376",
                                "cve_description": "Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds.  Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer.  A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-26 00:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-48959",
                                "url": "https://ubuntu.com/security/CVE-2026-48959",
                                "cve_description": "IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward.  fastForward() compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19 bytes per iteration.  Extracting a named entry from an attacker supplied zip via IO::Uncompress::Unzip->new($zip, Name => $target) drives a per-byte read loop scaling with the entry's compressed size, up to the non-Zip64 4 GiB cap.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-27 04:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-48961",
                                "url": "https://ubuntu.com/security/CVE-2026-48961",
                                "cve_description": "IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID.  When decode_ux() in bin/zipdetails handles an Info-ZIP Unix Extra Field (tag 0x7875) with UID Size or GID Size set to 8, causing zipdetails to decode an 8-byte UID or GID value, it dispatches through decodeLitteEndian(), which calls a misnamed helper unpackValueQ. The actual function defined in the same file is unpackValue_Q (with underscore); the call raises 'Undefined subroutine &main::unpackValueQ' and the script exits with status 255.  Library callers of IO::Compress and IO::Uncompress are not affected; the defect is in the bundled CLI tool.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-27 04:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-48962",
                                "url": "https://ubuntu.com/security/CVE-2026-48962",
                                "cve_description": "IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.  _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored expression through eval STRING. A literal double quote in the output glob closes the dquote wrapper, and the characters that follow are evaluated as Perl.  Arbitrary Perl in the output glob executes at the calling process's privilege.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-27 04:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * [SECURITY] backport various fixes from upstream:",
                            "    + CVE-2025-15649: header parsing in IO::Uncompress::Unzip.",
                            "        (Closes: #1138863)",
                            "    + CVE-2026-7010:  CRLF-validation in HTTP::Tiny.",
                            "        (Closes: #1138858)",
                            "    + CVE-2026-8376:  Buffer overflow in Perl_study_chunk.",
                            "        (Closes: #1137345)",
                            "    + CVE-2026-48959: CPU exhaustion in IO::Uncompress::Unzip.",
                            "        (Closes: #1138856)",
                            "    + CVE-2026-48961: crash in zipdetails.",
                            "        (Closes: #1138855)",
                            "    + CVE-2026-48962: code execution in IO-Compress via output globs.",
                            "        (Closes: #1138854)",
                            "    + buffer overflows in pack().",
                            "        (Closes: #1138905)",
                            "    + buffer overflow in Storable.",
                            "        (Closes: #1138906)",
                            ""
                        ],
                        "package": "perl",
                        "version": "5.40.1-8",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Niko Tyni <ntyni@debian.org>",
                        "date": "Sat, 06 Jun 2026 17:22:29 +0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-attr",
                "from_version": {
                    "source_package_name": "python-attrs",
                    "source_package_version": "25.4.0-1build1",
                    "version": "25.4.0-1build1"
                },
                "to_version": {
                    "source_package_name": "python-attrs",
                    "source_package_version": "26.1.0-1",
                    "version": "26.1.0-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream version 26.1.0",
                            "  * Refresh patches (no functional changes)",
                            "  * Bump Standards-Version to 4.7.4",
                            ""
                        ],
                        "package": "python-attrs",
                        "version": "26.1.0-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Timo Röhling <roehling@debian.org>",
                        "date": "Wed, 08 Apr 2026 22:50:57 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-certifi",
                "from_version": {
                    "source_package_name": "python-certifi",
                    "source_package_version": "2026.1.4+ds-1",
                    "version": "2026.1.4+ds-1"
                },
                "to_version": {
                    "source_package_name": "python-certifi",
                    "source_package_version": "2026.5.20+ds-1",
                    "version": "2026.5.20+ds-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            ""
                        ],
                        "package": "python-certifi",
                        "version": "2026.5.20+ds-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Colin Watson <cjwatson@debian.org>",
                        "date": "Sun, 24 May 2026 13:29:49 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            "  * Bump Standards-Version to 4.7.4, drop Priority: optional.",
                            ""
                        ],
                        "package": "python-certifi",
                        "version": "2026.4.22+ds-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Stefano Rivera <stefanor@debian.org>",
                        "date": "Fri, 24 Apr 2026 17:10:20 -0400"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release.",
                            ""
                        ],
                        "package": "python-certifi",
                        "version": "2026.2.25+ds-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Colin Watson <cjwatson@debian.org>",
                        "date": "Fri, 27 Feb 2026 09:46:22 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-jinja2",
                "from_version": {
                    "source_package_name": "jinja2",
                    "source_package_version": "3.1.6-1build1",
                    "version": "3.1.6-1build1"
                },
                "to_version": {
                    "source_package_name": "jinja2",
                    "source_package_version": "3.1.6-2",
                    "version": "3.1.6-2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Team upload.",
                            "  * Remove ancient Python 3.6-era debian/python3-jinja2.bcep",
                            "  * Disable useless Salsa CI jobs",
                            "  * Bump Standards-Version to 4.7.3, drop Priority: tag",
                            "  * Tag python3-trio dependency as <!nocheck>",
                            "",
                            "  [ Bastian Germann ]",
                            "  * d/copyright: Use machine-readable format",
                            ""
                        ],
                        "package": "jinja2",
                        "version": "3.1.6-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Alexandre Detiste <tchet@debian.org>",
                        "date": "Mon, 16 Mar 2026 21:00:10 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-jwt",
                "from_version": {
                    "source_package_name": "pyjwt",
                    "source_package_version": "2.10.1-4ubuntu1",
                    "version": "2.10.1-4ubuntu1"
                },
                "to_version": {
                    "source_package_name": "pyjwt",
                    "source_package_version": "2.12.1-1",
                    "version": "2.12.1-1"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-32597",
                        "url": "https://ubuntu.com/security/CVE-2026-32597",
                        "cve_description": "PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-03-13 19:55:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-32597",
                                "url": "https://ubuntu.com/security/CVE-2026-32597",
                                "cve_description": "PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-03-13 19:55:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Team upload",
                            "  * [8f6e5f6] New upstream version 2.12.1",
                            "    Fixed CVE issues in upstream version 2.12.0",
                            "    CVE-2026-32597 PyJWT accepts unknown `crit` header extensions",
                            "                   (RFC 7515 §4.1.11 MUST violation)",
                            "    (Closes: #1130662)",
                            "  * [2fbe924] d/control: Bump Standards-Version to 4.7.4",
                            "    No further changes needed.",
                            ""
                        ],
                        "package": "pyjwt",
                        "version": "2.12.1-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Carsten Schoenert <c.schoenert@t-online.de>",
                        "date": "Sat, 25 Apr 2026 18:08:05 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Team upload",
                            "  * New upstream version 2.11.0",
                            "  * Rebuild patch queue from patch-queue branch",
                            "    Added patch:",
                            "    docs-index.rst-Use-a-local-graphic-instead-of-sidelinking.patch",
                            "    Updated patch:",
                            "    docs-Use-packaged-intersphinx-resources.patch",
                            "  * d/_static: Add the logo as local resource",
                            "  * d/python-jwt-doc.install: Install local data from _static",
                            "  * d/control: Add python-cryptography-doc to B-D",
                            "  * d/watch: Convert to version 5",
                            "  * d/copyright: Update year data",
                            ""
                        ],
                        "package": "pyjwt",
                        "version": "2.11.0-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Carsten Schoenert <c.schoenert@t-online.de>",
                        "date": "Sat, 21 Feb 2026 09:57:04 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3.14",
                "from_version": {
                    "source_package_name": "python3.14",
                    "source_package_version": "3.14.4-1",
                    "version": "3.14.4-1"
                },
                "to_version": {
                    "source_package_name": "python3.14",
                    "source_package_version": "3.14.6-1",
                    "version": "3.14.6-1"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-9669",
                        "url": "https://ubuntu.com/security/CVE-2026-9669",
                        "cve_description": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-08 23:17:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-8328",
                        "url": "https://ubuntu.com/security/CVE-2026-8328",
                        "cve_description": "The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-13 21:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-7774",
                        "url": "https://ubuntu.com/security/CVE-2026-7774",
                        "cve_description": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-04 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-7210",
                        "url": "https://ubuntu.com/security/CVE-2026-7210",
                        "cve_description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.  Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-11 18:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-3276",
                        "url": "https://ubuntu.com/security/CVE-2026-3276",
                        "cve_description": "unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-03 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-5713",
                        "url": "https://ubuntu.com/security/CVE-2026-5713",
                        "cve_description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-14 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-4786",
                        "url": "https://ubuntu.com/security/CVE-2026-4786",
                        "cve_description": "Mitigation of CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types, and the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-13 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-1502",
                        "url": "https://ubuntu.com/security/CVE-2026-1502",
                        "cve_description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-10 18:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-9669",
                                "url": "https://ubuntu.com/security/CVE-2026-9669",
                                "cve_description": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-08 23:17:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-8328",
                                "url": "https://ubuntu.com/security/CVE-2026-8328",
                                "cve_description": "The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-13 21:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-7774",
                                "url": "https://ubuntu.com/security/CVE-2026-7774",
                                "cve_description": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-04 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-7210",
                                "url": "https://ubuntu.com/security/CVE-2026-7210",
                                "cve_description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.  Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-11 18:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-3276",
                                "url": "https://ubuntu.com/security/CVE-2026-3276",
                                "cve_description": "unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-03 16:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Python 3.14.6 release.",
                            "    - Avoid crash decompressing untrusted bz2 data. CVE-2026-9669.",
                            "    - Don't trust server-provided passive connection addresses in ftplib.",
                            "      CVE-2026-8328.",
                            "    - Don't allow untrusted tarfile extraction to write outside the",
                            "      destination. CVE-2026-7774.",
                            "    - Protects against DoS in expat XML parsing. CVE-2026-7210.",
                            "    - Avoid DoS in unicode normalization. CVE-2026-3276.",
                            "",
                            "  [ Colin Watson ]",
                            "  * Drop libnsl-dev build-dependency, which is superfluous since the nis",
                            "    module was removed in Python 3.13.",
                            "",
                            "  [ Stefano Rivera ]",
                            "  * Refresh patches.",
                            "  * Drop mention of gdbinit from README.debug. Closes: #1109449.",
                            "  * Tidy up python3.X-config manpage. Closes: #1101810.",
                            "  * Build with -fno-thread-jumps, instead of -O1 on m68k. Closes: #1139593",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.6-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Stefano Rivera <stefanor@debian.org>",
                        "date": "Wed, 10 Jun 2026 14:54:31 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-5713",
                                "url": "https://ubuntu.com/security/CVE-2026-5713",
                                "cve_description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-14 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-4786",
                                "url": "https://ubuntu.com/security/CVE-2026-4786",
                                "cve_description": "Mitigation of CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types, and the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-13 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-1502",
                                "url": "https://ubuntu.com/security/CVE-2026-1502",
                                "cve_description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-10 18:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Python 3.14.5 release.",
                            "    Fixes:",
                            "    - CVE-2026-5713: Validate remote debug offset tables on load.",
                            "    - CVE-2026-4786: Fix webbrowser %action substitution bypass of dash-prefix",
                            "      check.",
                            "    - CVE-2026-1502: Reject CR/LF in HTTP tunnel request headers.",
                            "",
                            "  [ Stefano Rivera ]",
                            "  * Refresh patches.",
                            "  * Update build-details path to include abiflags, and move it to",
                            "    libpython3.14-minimal / libpython3.14-dbg.",
                            "  * Patch: Fix test_pyexpat on i386. (Closes: #1135052)",
                            "  * Patch: Generate the correct base_interpreter in build-details on debug",
                            "    builds.",
                            "",
                            "  [ Matthias Klose ]",
                            "  * Run the tests with -j 2 instead of running sequentially.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.5-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Stefano Rivera <stefanor@debian.org>",
                        "date": "Sun, 10 May 2026 21:38:08 -0400"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Python 3.14.5 release candidate.",
                            "  * Skip pyexpat.test_deeply_nested_content_model on i386.",
                            "  * Refresh patches.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.5~rc1-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Wed, 06 May 2026 06:21:50 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Install _sysconfig_vars.json for the debug build.",
                            "  * d/t/control: Add python-tk to failing-tests-dbg dependencies.",
                            "  * d/t/testsuite-dbg: Don't run test_build_details, the build-details",
                            "    file for the debug interpreter is not installed.",
                            "  * Bump standards version.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.4-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Wed, 22 Apr 2026 12:14:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3.14-minimal",
                "from_version": {
                    "source_package_name": "python3.14",
                    "source_package_version": "3.14.4-1",
                    "version": "3.14.4-1"
                },
                "to_version": {
                    "source_package_name": "python3.14",
                    "source_package_version": "3.14.6-1",
                    "version": "3.14.6-1"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-9669",
                        "url": "https://ubuntu.com/security/CVE-2026-9669",
                        "cve_description": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-08 23:17:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-8328",
                        "url": "https://ubuntu.com/security/CVE-2026-8328",
                        "cve_description": "The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-13 21:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-7774",
                        "url": "https://ubuntu.com/security/CVE-2026-7774",
                        "cve_description": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-04 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-7210",
                        "url": "https://ubuntu.com/security/CVE-2026-7210",
                        "cve_description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-05-11 18:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-3276",
                        "url": "https://ubuntu.com/security/CVE-2026-3276",
                        "cve_description": "unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-03 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-5713",
                        "url": "https://ubuntu.com/security/CVE-2026-5713",
                        "cve_description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-14 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-4786",
                        "url": "https://ubuntu.com/security/CVE-2026-4786",
                        "cve_description": "Mitigation of CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types, and the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-13 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-1502",
                        "url": "https://ubuntu.com/security/CVE-2026-1502",
                        "cve_description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-10 18:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-9669",
                                "url": "https://ubuntu.com/security/CVE-2026-9669",
                                "cve_description": "bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-08 23:17:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-8328",
                                "url": "https://ubuntu.com/security/CVE-2026-8328",
                                "cve_description": "The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-13 21:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-7774",
                                "url": "https://ubuntu.com/security/CVE-2026-7774",
                                "cve_description": "tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall() to write files outside the destination directory, subject to the permissions of the extracting process.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-04 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-7210",
                                "url": "https://ubuntu.com/security/CVE-2026-7210",
                                "cve_description": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-05-11 18:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-3276",
                                "url": "https://ubuntu.com/security/CVE-2026-3276",
                                "cve_description": "unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-03 16:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Python 3.14.6 release.",
                            "    - Avoid crash decompressing untrusted bz2 data. CVE-2026-9669.",
                            "    - Don't trust server-provided passive connection addresses in ftplib.",
                            "      CVE-2026-8328.",
                            "    - Don't allow untrusted tarfile extraction to write outside the",
                            "      destination. CVE-2026-7774.",
                            "    - Protects against DoS in expat XML parsing. CVE-2026-7210.",
                            "    - Avoid DoS in unicode normalization. CVE-2026-3276.",
                            "",
                            "  [ Colin Watson ]",
                            "  * Drop libnsl-dev build-dependency, which is superfluous since the nis",
                            "    module was removed in Python 3.13.",
                            "",
                            "  [ Stefano Rivera ]",
                            "  * Refresh patches.",
                            "  * Drop mention of gdbinit from README.debug. Closes: #1109449.",
                            "  * Tidy up python3.X-config manpage. Closes: #1101810.",
                            "  * Build with -fno-thread-jumps, instead of -O1 on m68k. Closes: #1139593",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.6-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Stefano Rivera <stefanor@debian.org>",
                        "date": "Wed, 10 Jun 2026 14:54:31 -0400"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-5713",
                                "url": "https://ubuntu.com/security/CVE-2026-5713",
                                "cve_description": "The \"profiling.sampling\" module (Python 3.15+) and \"asyncio introspection capabilities\" (3.14+, \"python -m asyncio ps\" and \"python -m asyncio pstree\") features could be used to read and write addresses in a privileged process if that process connected to a malicious or \"infected\" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-14 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-4786",
                                "url": "https://ubuntu.com/security/CVE-2026-4786",
                                "cve_description": "Mitigation of CVE-2026-4519 was incomplete. If the URL contained \"%action\", the mitigation could be bypassed for certain browser types, and the \"webbrowser.open()\" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-13 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-1502",
                                "url": "https://ubuntu.com/security/CVE-2026-1502",
                                "cve_description": "CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-10 18:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * Python 3.14.5 release.",
                            "    Fixes:",
                            "    - CVE-2026-5713: Validate remote debug offset tables on load.",
                            "    - CVE-2026-4786: Fix webbrowser %action substitution bypass of dash-prefix",
                            "      check.",
                            "    - CVE-2026-1502: Reject CR/LF in HTTP tunnel request headers.",
                            "",
                            "  [ Stefano Rivera ]",
                            "  * Refresh patches.",
                            "  * Update build-details path to include abiflags, and move it to",
                            "    libpython3.14-minimal / libpython3.14-dbg.",
                            "  * Patch: Fix test_pyexpat on i386. (Closes: #1135052)",
                            "  * Patch: Generate the correct base_interpreter in build-details on debug",
                            "    builds.",
                            "",
                            "  [ Matthias Klose ]",
                            "  * Run the tests with -j 2 instead of running sequentially.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.5-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Stefano Rivera <stefanor@debian.org>",
                        "date": "Sun, 10 May 2026 21:38:08 -0400"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Python 3.14.5 release candidate.",
                            "  * Skip pyexpat.test_deeply_nested_content_model on i386.",
                            "  * Refresh patches.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.5~rc1-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Wed, 06 May 2026 06:21:50 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Install _sysconfig_vars.json for the debug build.",
                            "  * d/t/control: Add python-tk to failing-tests-dbg dependencies.",
                            "  * d/t/testsuite-dbg: Don't run test_build_details, the build-details",
                            "    file for the debug interpreter is not installed.",
                            "  * Bump standards version.",
                            ""
                        ],
                        "package": "python3.14",
                        "version": "3.14.4-2",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Matthias Klose <doko@debian.org>",
                        "date": "Wed, 22 Apr 2026 12:14:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "rust-coreutils",
                "from_version": {
                    "source_package_name": "rust-coreutils",
                    "source_package_version": "0.8.0-0ubuntu3",
                    "version": "0.8.0-0ubuntu3"
                },
                "to_version": {
                    "source_package_name": "rust-coreutils",
                    "source_package_version": "0.8.0-0ubuntu4",
                    "version": "0.8.0-0ubuntu4"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2116290
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * d/p/df-statfs-fallback.patch: Add a fallback to statfs if the mount path",
                            "    could not be found normally. (LP: #2116290)",
                            ""
                        ],
                        "package": "rust-coreutils",
                        "version": "0.8.0-0ubuntu4",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [
                            2116290
                        ],
                        "author": "Varun Varma <varun.varma@canonical.com>",
                        "date": "Thu, 21 May 2026 16:10:00 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "screen",
                "from_version": {
                    "source_package_name": "screen",
                    "source_package_version": "5.0.1-2",
                    "version": "5.0.1-2"
                },
                "to_version": {
                    "source_package_name": "screen",
                    "source_package_version": "5.0.1-3",
                    "version": "5.0.1-3"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Set Debian default terminal type to screen5 in /etc/screenrc",
                            "    (Closes: #1134721)",
                            "  * Move default bufferfile in screenrc to $HOME/.screen-exchange",
                            "    (Closes: #1100699)",
                            "  * Added patch 98: Fix uninitialised buffer for caption/hardstatus expansions",
                            "    (Closes: #1136895)",
                            "  * Added patch 99: Fix off-by-one in resize CheckMaxSize guard",
                            "    (Closes: #1117241)",
                            "  * Fix GNU/Hurd builds (missing MAXPATHLEN define)",
                            "  * Drop 13split_info_files.patch (obsolete)",
                            "  * Stop deleting named pipes in /run/screen at startup (Closes: #545182)",
                            "  * Removing orphaned package screenie from Suggests",
                            "  * Modernise session creation timestamp handling in patches 81 & 82",
                            "    (Closes: #484655, #1061448)",
                            "  * Fix resize prompt wording for vertical splits (Closes: #600649)",
                            "  * Added patch 101: Remove duplicated permission sentence from manpage",
                            "    (Closes: #611228)",
                            "  * Added patch 102: Fix documentation for $TERM default (Closes: #694178)",
                            ""
                        ],
                        "package": "screen",
                        "version": "5.0.1-3",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Peter Dey <debian@realmtech.net>",
                        "date": "Wed, 17 Jun 2026 14:09:15 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "snapd",
                "from_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.76+ubuntu26.10.1",
                    "version": "2.76+ubuntu26.10.1"
                },
                "to_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.76+ubuntu26.10.2",
                    "version": "2.76+ubuntu26.10.2"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2154498,
                    2147606,
                    2148544,
                    2139213,
                    2125344,
                    2150683,
                    2152908,
                    1966067,
                    2110368,
                    2110368,
                    2144666,
                    2146337,
                    2147207,
                    2143882,
                    2138629,
                    2147645
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2154498",
                            "    - assertions: add helper for validating integrity data",
                            "    - assertions: drop incorrect/non-standard Ed25519 support",
                            "    - confdb: allow only API admin read access to confdb secrets",
                            "    - confdb: block concurrent confdb accesses",
                            "    - confdb: block concurrent snapctl accesses to configuration",
                            "      database",
                            "    - confdb: check for ephemeral data when missing save-view hook on",
                            "      commit",
                            "    - confdb: ignore not-found errors in confdb-schema refreshes",
                            "    - confdb: support --wait-for timeouts when accessing confdb",
                            "    - core-initrd: add group referenced in udev rules",
                            "    - core-initrd: add libbpf dependency to initramfs",
                            "    - core-initrd: add missing libbpf dependency in 24.04 packaging",
                            "    - core-initrd: ensure audio is a system group",
                            "    - core-initrd: fix /boot/uboot mount with u-boot env in dedicated",
                            "      partition",
                            "    - core-initrd: increase mount burst from 5 to 128 for faster boot",
                            "    - core-initrd: sync partition udev rules with the ones in core-base",
                            "    - core-initrd: sync with latest upload to snappy-dev PPA",
                            "    - core-initrd: synchronize changelogs with latest PPA upload",
                            "    - core-initrd: update changelog with latest PPA upload",
                            "    - core-initrd: add nfnetlink module to fix nf netlink",
                            "      socket speed regression (Ubuntu Core only)",
                            "    - cross-distro: allow snapd to manipulate systemd unit files in",
                            "      SELinux policy",
                            "    - cross-distro: FIPS bootstrap and dispatch via snap-fips-dispatch",
                            "    - desktop: fix common ID selection with multiple desktop plugs",
                            "    - FDE: allow user mode on core in secboot TPM handling",
                            "    - FDE: bump go-efilib dependency",
                            "    - FDE: bump secboot to rev cdcb64992e54 for FDE fixes",
                            "    - FDE: deprecate check-pin/passphrase API endpoints",
                            "    - LP: #2147606 FDE: give inactive state on classic",
                            "    - FDE: improve tracing for OP-TEE probing",
                            "    - FDE: move auto-repair logic to overlord/fdestate and provide state",
                            "    - FDE: update secboot for TPM/FDE bug fixes including Intel HAP and",
                            "      recovery key parsing",
                            "    - FDE: use any primary key matching digest when adding a keyslot",
                            "    - FDE: use ignore action for preinstall check in VM",
                            "    - interfaces: bluez | drop explicit deny send_destination in D-Bus",
                            "      configuration",
                            "    - interfaces: conditionally deny /proc/self/mountinfo to suppress Go",
                            "      1.25+ denials",
                            "    - interfaces: custom-device | fix for-device validation panic on",
                            "      non-string value",
                            "    - interfaces: disallow auto-connect to parallel installs",
                            "    - interfaces: docker | make plug implicit on classic systems",
                            "    - interfaces: ignore errors in disconnect hooks during explicit snap",
                            "      disconnect",
                            "    - interfaces: mediatek-accel | add plug interface base declaration",
                            "    - interfaces: microceph-support | suppress noisy sudo denial audit",
                            "      logs",
                            "    - interfaces: podman | add new interface for podman socket access",
                            "    - interfaces: pulseaudio | fix security tag syntax inconsistency",
                            "    - interfaces: raw-usb | allow USB device enumeration on Fairphone 5",
                            "      with NexDock",
                            "    - interfaces: restore auto-connections on failed refresh undo",
                            "    - LP: #2148544 interfaces: bool-file | support deep SoC sysfs paths",
                            "      for LED brightness",
                            "    - LP: #2139213 packaging: make Ubuntu 16.04 packaging dep17",
                            "      compliant",
                            "    - packaging: add cross-distro build script and instructions",
                            "    - packaging: add openSUSE 16.0 spread support",
                            "    - packaging: Debian build improvements",
                            "    - packaging: default openSUSE to /var/lib/snapd/snap and sync from",
                            "      downstream",
                            "    - packaging: drop transitional packages only for Ubuntu 26.04",
                            "      (Resolute)",
                            "    - packaging: fix Launchpad FIPS build detection for snapd-fips job",
                            "    - packaging: refactor and clean up snapd.mk, standardize test-data",
                            "      directories",
                            "    - packaging: switch to golang-github-chai2010-gettext-go-dev",
                            "    - packaging: update bundled AppArmor 4.1.7 (snapd snap only)",
                            "    - prompting: escape paths in prompt constraints",
                            "    - prompting: improve API error handling and validation",
                            "    - prompting: improve error message when no handler service is",
                            "      present",
                            "    - prompting: re-enable the prompting notice backend",
                            "    - prompting: respond with full user-allowed permission set",
                            "    - prompting: validate permissions while unmarshalling",
                            "    - remote device management: implement dispatch-mgmt-messages task",
                            "      with sequencing support",
                            "    - LP: #2125344 snap: avoid empty channel forwarding message",
                            "    - LP: #2150683 snap: clarify snap install help text for --classic",
                            "      and --devmode",
                            "    - LP: #2152908 snap: print complex attributes in snap interface",
                            "      --attrs output",
                            "    - snap: add run-inhibit hint and inhibit info when a snap is",
                            "      disabled",
                            "    - snap: allow removing a snap and its base at the same time",
                            "    - snap: display detailed component information in snap info",
                            "    - snap: extend AlreadyInstalledError to multiple snaps and",
                            "      components",
                            "    - snap: extend set-quota command options description with accepted",
                            "      value formats",
                            "    - snap: implement snap delta command for computing snap deltas",
                            "    - snap: improve consistency for snap install when some snaps are",
                            "      already installed",
                            "    - snap: show hint in snap list that a snap has components",
                            "    - snap-confine: allow inheriting unix sockets from snaps",
                            "    - snap-confine: allow linking to libm in AppArmor profile",
                            "    - snap-confine: fix out-of-bounds read in mountinfo parser for",
                            "      partial escape sequences",
                            "    - snap-confine: harden bpffs mount with nosuid, nodev, noexec flags",
                            "    - snap-confine: remove experimental persistent per-user mount",
                            "      namespace feature",
                            "    - snap-confine: set FD_CLOEXEC on file descriptors returned by BPF",
                            "      helpers",
                            "    - snap-confine: support transparent_hugepage in AppArmor profile",
                            "    - snap-confine: use strchr after NUL-terminating in infofile parser",
                            "    - snap-update-ns: switch to a multi-pass process for constructing",
                            "      and updating mount namespaces",
                            "    - RemoveMountUnitFile now unmounts even if mount unit file is",
                            "      missing",
                            "    - Add explicit mount phase during single-reboot refresh to fix undo",
                            "      of kernel refreshes",
                            "    - Add security audit logging subsystem",
                            "    - Add base prioritized AppArmor snippets for strictly confined or",
                            "      jailed snaps",
                            "    - Allow openshell snap to use experimental daemon-scope: user",
                            "    - Allow configuring mount unit options based on filesystem type",
                            "    - Allow equals signs in uevent values in netlink parser",
                            "    - Also bind-mount directories modified by kmod backend during",
                            "      preseed",
                            "    - Clean up potentially corrupted files during snap download undo",
                            "    - Complete the bootloader environment implementation",
                            "    - Copy integrity data files during snap install",
                            "    - Create hook for seed refresh mode",
                            "    - Create removal tasks for old seed-refresh seeds",
                            "    - Dispatch systemctl commands asynchronously when calling Stop()",
                            "    - Ensure /tmp/.X11-unix created inside mount namespace has correct",
                            "      permissions",
                            "    - Ensure exclusive changes conflict with refresh/revert",
                            "    - Ensure existing snap confinement flags are not dropped when",
                            "      installing or removing components",
                            "    - Export ubuntu-boot-state filename constant from bootloader package",
                            "    - Fix duplicate removal of apps under $SNAP_MOUNT_DIR/bin",
                            "    - Fix integration between prerequisites task and seed-refresh mode",
                            "    - Fix split-refresh overwriting provided lane",
                            "    - Fix use of umask in GetListener for socket activation",
                            "    - Ignore net.ErrClosed during daemon shutdown",
                            "    - Implement ResolveValidationSetsEnforcementError in terms of one",
                            "      call",
                            "    - Improve snapctl install consistency when components are already",
                            "      installed",
                            "    - Inject seed creation tasks into snap refresh flow",
                            "    - Introduce system options for custom certificates on Ubuntu Core",
                            "    - Keep idle services with activation units stopped on reload",
                            "    - List snap components in snap-debug-info via debug-tools",
                            "    - Look at gadget.yaml instead of marker file to determine ubootpart",
                            "      usage",
                            "    - LP: #1966067 Skip redundant xdg-settings confirmation prompt when",
                            "      setting is already correct",
                            "    - LP: #2110368 Fix component installation for private snaps via",
                            "      snapctl",
                            "    - LP: #2110368 Fix download of private snap components by setting",
                            "      UserID",
                            "    - LP: #2144666 Fix mount namespace updates with synthetic bind",
                            "      mounts on same target paths",
                            "    - LP: #2146337 Improve handling of failed downloads and retain",
                            "      partial files for resume",
                            "    - LP: #2147207 Fix snap enable/disable cycle forgetting components",
                            "    - Make run-inhibit hint for kill-snap-apps task based on kill reason",
                            "    - Merge content-provider prerequisite updates into seed-refresh",
                            "    - Move SortServices into Backend.StartServices",
                            "    - Move state to client change conversion to ctlcmd package",
                            "    - Omit misleading \"try to refresh snapd\" suggestion for ISA-related",
                            "      errors",
                            "    - Only create link-component tasks when needed during refresh to",
                            "      existing revision",
                            "    - Reconfigure piboot bootloader on gadget refreshes to preserve",
                            "      os_prefix",
                            "    - Reduce the number of AppArmor profile regenerations during snap",
                            "      operations",
                            "    - Refactor seed-refresh ownership to devicestate",
                            "    - Regenerate certificate database on remodels",
                            "    - Remove obsolete FIXME comment in VersionCompare",
                            "    - Remove unused GenerateDmVerityData helper from snap/integrity",
                            "    - Rename and document error type for ISA assumes flags",
                            "    - Restart snapd from daemon.Stop to improve restart reliability",
                            "    - Restart stopped services on error in stopSnapServices for",
                            "      transactionality",
                            "    - Simplify certificate-db updates on model-base refresh/installs",
                            "    - Support racing Loop and Stop correctly in overlord",
                            "    - Support sending file descriptors to systemd via sd_notify",
                            "    - Unroll CPU-heavy recursive function in snap state handlers",
                            "    - Update seccomp syscalls list for kernel 7.1.0",
                            "    - Use change ID to prevent nested seed-refresh spawned by",
                            "      prerequisites",
                            "    - Validate content interface plug target directories exist for",
                            "      core26+ snaps",
                            "    - Validate layout paths exist in snap tree for snaps using bare or",
                            "      core26+",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.76+ubuntu26.10.2",
                        "urgency": "medium",
                        "distributions": "stonking",
                        "launchpad_bugs_fixed": [
                            2154498,
                            2147606,
                            2148544,
                            2139213,
                            2125344,
                            2150683,
                            2152908,
                            1966067,
                            2110368,
                            2110368,
                            2144666,
                            2146337,
                            2147207
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Thu, 17 Jun 2026 16:30:00 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2143882",
                            "    - Interfaces: network-setup-*| allow running python binaries from",
                            "      the base on UC26+",
                            "    - Cross-distro: modify SELinux policy to allow mounting on",
                            "      /var/snap/<snap>/<rev>",
                            "    - Fix potential task deadlock by considering all tasks in a lane",
                            "      that might be waiting for a reboot when processing delayed",
                            "      security backend effects",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.75.2+ubuntu26.04.2",
                        "urgency": "medium",
                        "distributions": "resolute",
                        "launchpad_bugs_fixed": [
                            2143882
                        ],
                        "author": "Katie May <katie.may@canonical.com>",
                        "date": "Mon, 30 Mar 2026 17:06:36 +0200"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream release, LP: #2138629",
                            "    - LP: #2147645 FDE: secboot fixes",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.74.1+ubuntu26.04.4",
                        "urgency": "medium",
                        "distributions": "resolute",
                        "launchpad_bugs_fixed": [
                            2138629,
                            2147645
                        ],
                        "author": "Ernest Lotter <ernest.lotter@canonical.com>",
                        "date": "Thu, 14 Apr 2026 09:30:00 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [
            {
                "name": "ncurses-term",
                "from_version": {
                    "source_package_name": null,
                    "source_package_version": null,
                    "version": null
                },
                "to_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.6+20251231-1",
                    "version": "6.6+20251231-1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream patchlevel.",
                            "  * Update symbols files and bump shlibs.",
                            "  * Upgrade Standards-Version to 4.7.3, no changes needed.",
                            ""
                        ],
                        "package": "ncurses",
                        "version": "6.6+20251231-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Sven Joachim <svenjoac@gmx.de>",
                        "date": "Sat, 03 Jan 2026 08:53:58 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream patchlevel.",
                            "    - Revert change using NCURSES_SBOOL in tic.h which interfered with",
                            "      sign-extension in tigetflag (Closes: #1121191).",
                            ""
                        ],
                        "package": "ncurses",
                        "version": "6.5+20251123-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Sven Joachim <svenjoac@gmx.de>",
                        "date": "Mon, 24 Nov 2025 20:50:02 +0100"
                    },
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * New upstream patchlevel.",
                            "    - Correct expression for TINFO_LIB variable in misc/ncurses-config.in",
                            "      (Closes: #1121208).",
                            "  * Add a smoke autopkgtest which builds a simple program, catching the",
                            "    above problem.",
                            ""
                        ],
                        "package": "ncurses",
                        "version": "6.5+20251122-1",
                        "urgency": "medium",
                        "distributions": "unstable",
                        "launchpad_bugs_fixed": [],
                        "author": "Sven Joachim <svenjoac@gmx.de>",
                        "date": "Sun, 23 Nov 2025 14:55:47 +0100"
                    }
                ],
                "notes": "For a newly added package only the three most recent changelog entries are shown.",
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 26.10 stonking image from daily image serial 20260617 to 20260625",
    "from_series": "stonking",
    "to_series": "stonking",
    "from_serial": "20260617",
    "to_serial": "20260625",
    "from_manifest_filename": "daily_manifest.previous",
    "to_manifest_filename": "manifest.current"
}