cjson (1.7.18-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2023-26819: rejection of valid texts (Closes: #1103687)

clamav (1.4.3+dfsg-1) unstable; urgency=medium
 .
   * Import 1.4.3
     - CVE-2025-20234 (Fixed a possible buffer overflow read bug in the UDF
       file parser that may write to a temp file and thus disclose information,
       or it may crash and cause a denial-of-service (DoS) condition.)
       Closes: #1108045
     - CVE-2025-20260 (Fixed a possible buffer overflow write bug in the PDF
       file parser that could cause a denial-of-service (DoS) condition or
       enable remote code execution.) Closes: #1108046

dbus-broker (37-1) unstable; urgency=medium
 .
   * Update upstream source from tag 'upstream/37'
     For a full list of changes, see:
     https://github.com/bus1/dbus-broker/releases/tag/v37
   * Drop util-sockopt-also-check-for-ESRCH.patch

djvulibre (3.5.28-2.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix potential buffer overflow in MMRDecoder (CVE-2025-53367)
     (Closes: #1108729)

gst-plugins-ugly1.0 (1.26.3-4) unstable; urgency=medium
 .
   * Team upload
   * Don't ignore build test failures. Previously they were ignored on
     architectures other than amd64 & arm64
 .
 gst-plugins-ugly1.0 (1.26.3-3) unstable; urgency=medium
 .
   * Team upload
   * Revert debian/copyright updates as requested by Debian Release Team
   * Release to unstable
 .
 gst-plugins-ugly1.0 (1.26.3-2) experimental; urgency=medium
 .
   * New upstream version 1.26.3
   * d/copyright: add DEP-5 compatible license headers
   * upload to experimental after accidental unstable upload
gst-plugins-ugly1.0 (1.26.3-3) unstable; urgency=medium
 .
   * Team upload
   * Revert debian/copyright updates as requested by Debian Release Team
   * Release to unstable
 .
 gst-plugins-ugly1.0 (1.26.3-2) experimental; urgency=medium
 .
   * New upstream version 1.26.3
   * d/copyright: add DEP-5 compatible license headers
   * upload to experimental after accidental unstable upload
gst-plugins-ugly1.0 (1.26.3-2) experimental; urgency=medium
 .
   * New upstream version 1.26.3
   * d/copyright: add DEP-5 compatible license headers
   * upload to experimental after accidental unstable upload
gst-plugins-ugly1.0 (1.26.3-1) unstable; urgency=medium
 .
   * New upstream version 1.26.3
   * d/copyright: add DEP-5 compatible license headers

kas (4.8.1-2) unstable; urgency=medium
 .
   * debian: switch to autopkgtest-pkg-pybuild
kas (4.8.1-1) unstable; urgency=medium
 .
   * New upstream version 4.8.1
   * kas: Add diff plugin to compare config files and repos
   * kas: add support to verify signatures of git repos
   * kas: add support for distributed lock file updates
   * kas: add purge command to remove all managed data
   * kas: add support for NPMRC_FILE environment variable
   * kas: drop overrides from output of dump when using --resolve-refs
   * kas: inject current version of kas into config dumps
   * kas: enforce allowed values for layer enabling/disabling
   * kas: deprecate various magic values to disable a layer
   * kas: consistently check for the validity of path provided via env vars
   * kas: skip shallow cloning for reference repos
   * kas: improve reporting of yaml format errors
   * kas: fix output on patching errors
   * kas-container: add limited support for docker rootless
   * kas-container: propagate timezone information into container
   * kas-container: warn if script version does not match container
   * kas-container: prepare for looser coupling of script and container versions
   * debian: update standards version to 4.7.2
   * debian: add python3-{kconfiglib,gnupg,newt} to recommends

pam (1.7.0-5) unstable; urgency=high
 .
   * pam_access: backport upstream commit to implement nodns option to allow people to work around #1087019
 .
 pam (1.7.0-4) experimental; urgency=high
 .
   [ Gioele Barabucci ]
   * d/control: Update standards version to 4.7.0, no changes needed
   * d/TODO: Remove outdated item about fop (Closes: #629438)
 .
   [ Sam Hartman ]
   * Fix CVE-2025-6020: local privilege escalation in pam_namespace, Closes: 1107919
 .
   [ James Morris ]
   * pam_access improperly checks for group membership of a user.
     (Closes: #1103339)
pam (1.7.0-4) experimental; urgency=high
 .
   [ Gioele Barabucci ]
   * d/control: Update standards version to 4.7.0, no changes needed
   * d/TODO: Remove outdated item about fop (Closes: #629438)
 .
   [ Sam Hartman ]
   * Fix CVE-2025-6020: local privilege escalation in pam_namespace, Closes: 1107919
 .
   [ James Morris ]
   * pam_access improperly checks for group membership of a user.
     (Closes: #1103339)

psqlodbc (1:17.00.0004-2) unstable; urgency=medium
 .
   * Fix descrec to work correctly on big-endian archs.
   * Allow descrec test to pass in locale C.

qtimageformats-opensource-src (5.15.15-4) unstable; urgency=medium
 .
   * Backport upstream patch to fix validation issue for ICNS image
     (CVE-2025-5683, closes: #1107318).

speech-dispatcher (0.12.0-5) unstable; urgency=medium
 .
   * rules: Be more precise in blhc ignore.
   * patches/git-punctuation: Fix punctuation levels.

systemtap (5.1-5) unstable; urgency=medium
 .
   * Add upstream patch move-unaligned.patch for Linux kernels >= 6.12
     (Closes: #1108541)

yamllint (1.37.1-1) unstable; urgency=medium
 .
   * Team Upload
   * New upstream version 1.37.1