containerd-stable (2.1.6-0ubuntu1~25.10.2) questing-security; urgency=high

  * SECURITY UPDATE: HTTP/2 SETTINGS frame infinite loop (vendored
    golang.org/x/net)
    - debian/patches/CVE-2026-33814.patch: move s.Valid() check before
      switch in ForeachSetting callback
    - CVE-2026-33814
  * SECURITY UPDATE: Uncontrolled Resource Consumption via unbounded
    group parsing
    - debian/patches/CVE-2026-47262.patch: bound user-database file
      reads in openUserFile, reject non-regular files
    - CVE-2026-47262
  * SECURITY UPDATE: Insufficient Verification of Data Authenticity in
    CRI checkpoint import
    - debian/patches/CVE-2026-50195.patch: remove re-tagging of restored
      checkpoint base images
    - CVE-2026-50195
  * SECURITY UPDATE: Reserved label propagation from image configs
    - debian/patches/CVE-2026-53488.patch: filter containerd.io/ and
      io.cri-containerd labels from image config
    - CVE-2026-53488
  * SECURITY UPDATE: UNIX Symbolic Link Following in CRI checkpoint
    restore
    - debian/patches/CVE-2026-53489.patch: add copyNoFollow,
      checkpointArchiveEntryAllowed, assertCheckpointDirSafe; use
      dedicated restore subdirectory
    - CVE-2026-53489
  * SECURITY UPDATE: Improper Input Validation of CDI annotations in
    checkpoint restore
    - debian/patches/CVE-2026-53492.patch: filter cdi.k8s.io
      annotations on checkpoint restore
    - CVE-2026-53492

 -- Eduardo Barretto <eduardo.barretto@canonical.com>  Mon, 22 Jun 2026 18:09:22 +0200

containerd-stable (2.1.6-0ubuntu1~25.10.1) questing; urgency=medium

  * Backport from resolute to questing (LP: #2127661)

 -- Athos Ribeiro <athos@ubuntu.com>  Tue, 10 Feb 2026 11:26:39 -0300

containerd-stable (2.1.6-0ubuntu1) resolute; urgency=medium

  * New upstream version 2.1.6
  * d/copyright: update copyright data
  * d/s/lintian-overrides: silence vendoring related warnings

 -- Athos Ribeiro <athos@ubuntu.com>  Tue, 13 Jan 2026 16:29:54 -0300

containerd-stable (2.1.5-0ubuntu1) resolute; urgency=medium

  * d/watch: use Github API to access older releases
  * New upstream version 2.1.5

 -- Athos Ribeiro <athos@ubuntu.com>  Wed, 17 Dec 2025 10:10:36 -0300

containerd-stable (2.1.3-0ubuntu1) questing; urgency=medium

  * Fork from containerd-app (LP: #2120949)
    - Update package name
    - Add Conflics, Replaces, and Provides relations with containerd
    - Update package description
    - Depends on runc-stable instead of runc

 -- Athos Ribeiro <athos.ribeiro@canonical.com>  Tue, 26 Aug 2025 10:35:27 -0300
