-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 01 May 2026 23:29:36 +0000 Source: lxd Architecture: source Version: 5.0.2+git20231211.1364ae4-9+deb13u6 Distribution: trixie-security Urgency: high Maintainer: Debian Go Packaging Team Changed-By: Mathias Gibbens Changes: lxd (5.0.2+git20231211.1364ae4-9+deb13u6) trixie-security; urgency=high . * Cherry-pick fixes for the following security issues (from Incus): - CVE-2026-40197 / GHSA-r7w7-mmxr-47r9 - CVE-2026-40251 / GHSA-4m88-wxj4-9qj6 - CVE-2026-41648 / GHSA-67wx-r9xr-x75x - CVE-2026-41684 / GHSA-x5r6-jr56-89pv - CVE-2026-41685 / GHSA-98vh-x9cx-9cfp Checksums-Sha1: c502185f6b796bd08e065256d4a7546ad2b19679 4428 lxd_5.0.2+git20231211.1364ae4-9+deb13u6.dsc 5f6cc2c4538a8b3c3df86d8a472840fad452da2e 3523275 lxd_5.0.2+git20231211.1364ae4.orig.tar.gz 18556e18224d750d1efe6e77317b85340855d6c8 50232 lxd_5.0.2+git20231211.1364ae4-9+deb13u6.debian.tar.xz f36c93556efa47f51c21b3a4f113f555e0338748 24721 lxd_5.0.2+git20231211.1364ae4-9+deb13u6_amd64.buildinfo Checksums-Sha256: 1ae7f2b1c62d599975d1b394a98a660eca34981c4103dfc7da4f0914fff52064 4428 lxd_5.0.2+git20231211.1364ae4-9+deb13u6.dsc e03a147d53feed1f7c94217cac9f79a64747e4eb11a04a934c2b1d24b26ffc1e 3523275 lxd_5.0.2+git20231211.1364ae4.orig.tar.gz 455ea0a0d56b63f985a0b47eebba7a64ee2108ba3c49aa30437a6ca2bf27978c 50232 lxd_5.0.2+git20231211.1364ae4-9+deb13u6.debian.tar.xz a618a48b2166b9f200d3dc5ac563a93ae694856a7087b7fe599463e9b8f351c2 24721 lxd_5.0.2+git20231211.1364ae4-9+deb13u6_amd64.buildinfo Files: f5b2b93e1408d7e44156e065dc36bec4 4428 admin optional lxd_5.0.2+git20231211.1364ae4-9+deb13u6.dsc be1a564642b64467690af9739fec9e33 3523275 admin optional lxd_5.0.2+git20231211.1364ae4.orig.tar.gz 1def77a5dd9f854bfbad686d988a432e 50232 admin optional lxd_5.0.2+git20231211.1364ae4-9+deb13u6.debian.tar.xz 7f06fe832cb9441fe74af8ba9e246490 24721 admin optional lxd_5.0.2+git20231211.1364ae4-9+deb13u6_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEE1Bp60H32xfynSJ8cKe7i1uz0QvkFAmn3c6ESHGdpYm1hdEBk ZWJpYW4ub3JnAAoJECnu4tbs9EL5niYP/2hPn2NrAZeV2HEdrh7CDEHslSSaBZqw mFNcQsuxaQy4apwyDVrpYGniprBVlduo2vEu5RyGIx4E1ANznMfOuygx+xe4GMBN ENP9dgA3idAE9Q0QClTycLkLhz7gAjTeDT5IPEXsQ1yZET5U2M+H44zt/xTdqVD6 HpGcUE7BBy0J3rJ/s5xO7WFDe7zWvVCtQ4GSTkecmqTPOmbHtel3I1by4eJVy/qU snsMMeU9Mgj6W18YQBb8/z1qS4vFFy/yPl63MTHVFUYgs+IbE4OWxnlFmdZoUKfR gYKNH9pu8SeBOm/52JLHp8v8bfSX8yiVz2HeEJ8bHAQDMnP6W6Ee0xW1oWv2py/R yFszDD6GFkRDCEao7BVr+2SeHXn/YFLzwnmDPxdMYM8Bc4EnAuXBdo0ylGcoV9qH 1XjnEp5Whw4+QqMS0FxlgdtGyYuFHo+TjwNr1JGC3E0LPAZzaWN6EWweGQfdRvn2 eGnh4MgPxl2iA670e61/gQMChnAiu9vNR7c5uo3TU9rmbMP/U/ODh/hos1EA+9hB W6S2jzO73oPaoJFgBaoXcnakMcRZM4XghwDlLjhOlQAibxYVtGHyXAwqVbEGSDwr W2KE3Lmc261Y72mkWxjzqfTZiOefE9CBkfOjt4PVkJ4pAdx7R1NYEjWZhwLF7FF/ s3/gMGayzIyx =wRzq -----END PGP SIGNATURE-----