freecad (1.0.2+dfsg-7) unstable; urgency=medium
 .
   * Fix FTBFS with boost1.90, removal of boost-system.

python-django (3:4.2.29-1) unstable; urgency=high
 .
   * New upstream sceurity release:
 .
     - CVE-2026-25674: Potential incorrect permissions on newly created file
       system objects.
 .
       Django's file-system storage and file-based cache backends used the
       process umask to control permissions when creating directories. In
       multi-threaded environments, one thread's temporary umask change can
       affect other threads' file and directory creation, resulting in file
       system objects being created with unintended permissions. Django now
       applies the requested permissions via os.chmod() after os.mkdir(),
       removing the dependency on the process-wide umask.
 .
     - CVE-2026-25673: Potential denial-of-service vulnerability in URLField via
       Unicode normalization on Windows.
 .
       The django.forms.URLField form field's to_python() method used
       urllib.parse.urlsplit() to determine whether to prepend a URL scheme to
       the submitted value. On Windows, urlsplit() performs NFKC normalization
       (unicodedata.normalize), which can be disproportionately slow for large
       inputs containing certain characters.
 .
       URLField.to_python() now uses a simplified scheme detection, avoiding
       Unicode normalization entirely and deferring URL validation to the
       appropriate layers. As a result, while leading and trailing whitespace is
       still stripped by default, characters such as newlines, tabs, and other
       control characters within the value are no longer handled by
       URLField.to_python(). When using the default URLValidator, these values
       will continue to raise ValidationError during validation, but if you rely
       on custom validators, ensure they do not depend on the previous behavior
       of URLField.to_python().
 .
     <https://www.djangoproject.com/weblog/2026/mar/03/security-releases/>
 .
     (Closes: #1129595)

systemd (260~rc2-1) unstable; urgency=high
 .
   * Remove build-depend on rsync, meson is new enough
   * Enable getty@ via packaging scriptlets, not static anymore (Closes:
     #1129276)
   * Update upstream source from tag 'upstream/260_rc2' Update to upstream
     version '260~rc2' with Debian dir
     9c39b1f4781cb5ab95271453bfa0b453e971da5b
     Fixes:
     https://github.com/systemd/systemd/security/advisories/GHSA-6pwp-j5vg-5j6m
   * Install new files
systemd (260~rc1-2) unstable; urgency=medium
 .
   * sd-boot-efi: do not pick up hwids, they are shipped by sd-ukify.
systemd (260~rc1-1) unstable; urgency=medium
 .
   [ Nick Rosbrook ]
   * d/libsystemd-shared.preinst: refuse to upgrade without unified
     cgroupv2 hierarchy
 .
   [ Luca Boccassi ]
   * homed: drop dependency satisfied since bookworm/noble
   * systemd.postinst: update journal catalog after reexecing managers
   * initramfs-tools: copy udev link files from
     /usr/local/lib/systemd/network too (Closes: #1128930)
   * Update upstream source from tag 'upstream/260_rc1' Update to upstream
     version '260~rc1' with Debian dir
     6b709802e9ad49539cd2d746ca50f6ecfec3dde7
   * Install new files for v260~rc1
   * Disable remaining deprecated sysv interfaces
   * Update symbols file for v260~rc1
   * Drop unused Lintian overrides

vtk9 (9.5.2+dfsg4-1) unstable; urgency=medium
 .
   * Team upload.
   * Add back WebCore, WebGLExporter and WebPython modules for future use
     within trame and pyvista.
     - This required a repack 9.5.2+dfsg4, because the Web directory was
       previously ignored in d/copyright.



REMOVED: offlineimap3 0.0~git20240826.db34745+dfsg-2