balboa (2.0.0+ds-7) unstable; urgency=medium

  * Stop building static binaries for the backend tools. Thanks to
    Aurelien Jarno for noticing and raising this. Closes: #1106793

bpython (0.25-2) unstable; urgency=medium

  * debian/: Remove no longer valid symlinks
  * debian/control: Recommend python3-urwid for urwid interface
    (Closes: #1076249)

courier (1.4.1-2) unstable; urgency=medium

  * Update Turkish debconf translation, thanks to Atila KOÇ.

curl (8.14.1-1) unstable; urgency=medium

  * New upstream version 8.14.1
    - Fix CVE-2025-5399: WebSocket endless loop
  * d/p/multi_fix_add_handle_resizing: Drop patch, merged in 8.14.1

curl (8.14.0-1+exp1) experimental; urgency=medium

  * New upstream version 8.14.0~rc3
  * d/p/multi_fix_add_handle_resizing.patch: New patch to fix regression

curl (8.14.0-1) unstable; urgency=medium

  * New upstream version 8.14.0
  * Drop vendored wcurl now that it's in the upstream tarball
  * d/copyright: Update for upstream moved files:
    - They were moved from lib/ to lib/curlx/:
      ~ lib/curlx/version_win32.c
      ~ lib/curlx/version_win32.h
      ~ lib/curlx/inet_pton.c
  * d/patches:
    - Refresh patches
    - ZZZgnutls-build.patch: Update to also work with tests/tunit makefile
    - multi_fix_add_handle_resizing.patch: New patch to fix regression
    - Drop patches merged upstream:
      ~ autotools_install_shell_completion_files_on_cross_build.patch
      ~ scripts_completion_pl_sort_the_completion_file_for_all_shells.patch

curl (8.14.0~rc3-1+exp1) experimental; urgency=medium

  * New upstream version 8.14.0~rc3
  * Refresh patches
  * d/copyright: Update for upstream moved files, they were moved from
    lib/ to lib/curlx/:
    - lib/curlx/version_win32.c
    - lib/curlx/version_win32.h
    - lib/curlx/inet_pton.c

curl (8.14.0~rc2-1+exp1) experimental; urgency=medium

  * New upstream version 8.14.0~rc2
  * debian/patches: refresh patches.
    - ZZZgnutls-build.patch: update to also work with tests/tunit makefile.

curl (8.14.0~rc1-1+exp1) experimental; urgency=medium

  * New upstream version 8.14.0~rc1
  * d/patches: Drop merged patches:
    - autotools_install_shell_completion_files_on_cross_build.patch
    - scripts_completion_pl_sort_the_completion_file_for_all_shells.patch
  * Revert "d/control: Build with SASL support with libgsasl-dev"
  * d/wcurl: Drop vendored wcurl now that it's in the upstream tarball

curl (8.13.0-5+exp1) experimental; urgency=medium

  * d/rules: Enable experimental features: HTTPS RR and SSL session
    import/export
  * d/control: Build with SASL support with libgsasl-dev

dpkg (1.22.20) unstable; urgency=medium

  [ Guillem Jover ]
  * Perl modules:
    - Dpkg::OpenPGP::Backend::Sequoia: Do not run sq/sqv to verify with no
      keyrings. Closes: #1106148
    - Dpkg::OpenPGP::Backend::Sequoia: Run sq in stateless mode for
      verification. Suggested by Neal H. Walfield.
  * Localization:
    - Update Catalan translations.
    - Update German scripts translation. Thanks to Helge Kreutzmann.
    - Update Portuguese scripts translation.
    - Update Swedish scripts translation.

fortunes-eo (20250604-1) unstable; urgency=high

  * Accept non-maintainer upload.
  * Remove non-unicode packages.

fortunes-eo (20020729b-1.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Removing offensive cookie meaning "A woman knows — The whole world
    knows". Closes: #870347
  * Removing offensive cookie meaning "Wash for a whole year, a negro
    won't become white" Closes: #916270

libfile-find-rule-perl (0.34-4) unstable; urgency=high

  * Team upload.
  * Fix for CVE-2011-10007: Use 3 arg open in grep() (Closes: #1107311)

python-django (3:4.2.22-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2025-48432: Potential log injection via unescaped request path.

      Django's internal HTTP response logging used request.path directly,
      allowing control characters (e.g. newlines or ANSI escape sequences)
      to be written unescaped into logs. This could enable log injection
      or forgery, letting attackers manipulate log appearance or
      structure, especially in logs processed by external systems or
      viewed in terminals.

      Although this does not directly impact Django's security model, it
      poses risks when logs are consumed or interpreted by other tools. To
      fix this, the internal django.utils.log.log_response() function now
      escapes all positional formatting arguments using a safe encoding.

      (Closes: #1107282)

tsocks (1.8beta5+ds1-3) unstable; urgency=medium

  * QA upload.
  * Generate Built-Using for glibc due to static linking (Closes: #1106809)

zurl (1.12.0-3) unstable; urgency=medium

  * Remove dependency on libcurl4 (Closes: Bug#1107287)

zurl (1.12.0-2) unstable; urgency=medium

  * timer_callback must return CURLM_OK on success (Closes: Bug#1103005)
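
Added example for the python-django entry above (CVE-2025-48432); it is not Django's code and not part of the changelog. It uses only the standard logging module to show a request path with control characters reaching a log unescaped, next to the same call with string arguments escaped first. The function names, the sample path and the choice of unicode_escape as the "safe encoding" are assumptions made for illustration.

```python
import io
import logging

# Constructed request path: a newline that starts a forged second log entry,
# followed by an ANSI "erase line" escape sequence.
MALICIOUS_PATH = "/missing\nINFO Admin login OK user=root\x1b[2K"


def escape_arg(value):
    """Escape control characters in string arguments; leave other types alone."""
    if isinstance(value, str):
        # Assumed encoding for this sketch: unicode_escape turns "\n" into the
        # two characters backslash + n, and ESC into the text "\x1b".
        return value.encode("unicode_escape").decode("ascii")
    return value


def log_response_unsafe(logger, message, *args):
    # Behaviour described for the unfixed code: args are formatted as-is.
    logger.warning(message, *args)


def log_response_safe(logger, message, *args):
    # Idea of the fix: escape every positional formatting argument first.
    logger.warning(message, *(escape_arg(a) for a in args))


def render(log_func, path, status=404):
    """Log one response through an in-memory handler and return the text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.Logger("demo.request")  # standalone, no global config
    logger.addHandler(handler)
    log_func(logger, "Not Found: %s (status %d)", path, status)
    return stream.getvalue()


if __name__ == "__main__":
    print(repr(render(log_response_unsafe, MALICIOUS_PATH)))
    print(repr(render(log_response_safe, MALICIOUS_PATH)))
```

The unescaped output spans two physical lines, so a line-oriented log consumer sees a separate INFO record that the application never emitted; the escaped output stays on one line with the control characters visible as text.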