curl (8.18.0~rc2-1) unstable; urgency=medium . * New upstream version 8.18.0~rc2 * d/copyright: Remove entries for files removed upstream * d/patches: - Drop patches merged upstream: ~ fix-progress-meter-in-parallel-mode.patch ~ wcurl-CVE-2025-11563.patch - Update patches: ~ ZZZgnutls-build.patch: + Variables AM_CFLAGS and AM_LDFLAGS were dropped in lib/Makefile.am + Update patch's context. ~ build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch: + Context update. + Update patch offset. ~ 11_omit-directories-from-config.patch: + Update for upstream usage of double quotes (replacing single quotes) for variables and usage of '&& test' instead of '-a' in curl-config.in. * d/libcurl4-doc.docs: Some docs were converted to .md: - docs/FAQ.md - docs/KNOWN_BUGS.md - docs/TODO.md curl (8.18.0~rc1-1+exp1) experimental; urgency=medium . * New upstream version 8.18.0~rc1 * d/patches: - Drop patches merged upstream: ~ fix-progress-meter-in-parallel-mode.patch ~ wcurl-CVE-2025-11563.patch - Update patches: ~ ZZZgnutls-build.patch: Variables AM_CFLAGS and AM_LDFLAGS were dropped in lib/Makefile.am ~ build-Divide-mit-krb5-gssapi-link-flags-between-LDFLAGS-a.patch: Context update. * d/copyright: Remove entries for files removed upstream lxsession (0.5.6-3) unstable; urgency=medium . [ Joshua ] * d/control: Fix lxession-logout Depends (Closes: #1120986) nodejs (22.21.1+dfsg+~cs22.19.0-6) unstable; urgency=medium . * Add parallel/test-http-keep-alive-empty-line as flaky * Revert "Drop ada component" python-django (3:4.2.27-2) unstable; urgency=medium . * Team upload. * Backport various upstream fixes for newer Python versions (closes: #1122185): - Fixed tests for test --parallel option on Python 3.14+. - Fixed copying BaseContext and its subclasses on Python 3.14+. - Fixed OtherModelFormTests.test_prefetch_related_queryset() test on Python 3.14+. - Adjusted test_strip_tags following Python behavior change for incomplete entities. * Revert "Mark that Python 3.14 is not supported yet", since it now is. python-django (3:4.2.27-1) unstable; urgency=medium . * New upstream security release. . - CVE-2025-13372: Fix a potential SQL injection attack in FilteredRelation column aliases when using PostgreSQL. FilteredRelation was subject to SQL injection in column aliases via a suitably crafted dictionary as the **kwargs passed to QuerySet.annotate() or QuerySet.alias(). . - CVE-2025-64460: Prevent a potential denial-of-service vulnerability in XML serializer text extraction. An algorithmic complexity issue in django.core.serializers.xml_serializer.getInnerText() allowed a remote attacker to cause a potential denial-of-service triggering CPU and memory exhaustion via a specially crafted XML input submitted to a service that invokes XML Deserializer. The vulnerability resulted from repeated string concatenation while recursively collecting text nodes, which produced superlinear computation. . (Closes: #1121788)) . * Mark that Python 3.14 is not supported yet. rheolef (7.2-6) unstable; urgency=medium . * Team upload. * debian patch doc_build.patch ensures `` delimiters in comments are paired to allow doc building. Closes: #1122469 REMOVED: calf 0.90.3-4 REMOVED: node-kew 0.7.0-3 REMOVED: golang-pault-go-macchanger 0.0~git20170902.0.0252df5-1.1 REMOVED: vala-panel 24.05-3 REMOVED: vala-panel-appmenu 25.04+dfsg-2 REMOVED: mate-hud 22.10.3-2