containerd-stable (2.2.2-0ubuntu1.1) resolute-security; urgency=high

  * SECURITY UPDATE: HTTP/2 SETTINGS frame infinite loop (vendored
    golang.org/x/net)
    - debian/patches/CVE-2026-33814.patch: move s.Valid() check before
      switch in ForeachSetting callback
    - CVE-2026-33814
  * SECURITY UPDATE: Uncontrolled Resource Consumption via unbounded
    group parsing
    - debian/patches/CVE-2026-47262.patch: bound user-database file
      reads in openUserFile, reject non-regular files
    - CVE-2026-47262
  * SECURITY UPDATE: Insufficient Verification of Data Authenticity in
    CRI checkpoint import
    - debian/patches/CVE-2026-50195.patch: remove re-tagging of restored
      checkpoint base images
    - CVE-2026-50195
  * SECURITY UPDATE: Reserved label propagation from image configs
    - debian/patches/CVE-2026-53488.patch: filter containerd.io/ and
      io.cri-containerd labels from image config
    - CVE-2026-53488
  * SECURITY UPDATE: UNIX Symbolic Link Following in CRI checkpoint
    restore
    - debian/patches/CVE-2026-53489.patch: add copyNoFollow,
      checkpointArchiveEntryAllowed, assertCheckpointDirSafe; use
      dedicated restore subdirectory
    - CVE-2026-53489
  * SECURITY UPDATE: Improper Input Validation of CDI annotations in
    checkpoint restore
    - debian/patches/CVE-2026-53492.patch: filter cdi.k8s.io
      annotations on checkpoint restore
    - CVE-2026-53492

 -- Eduardo Barretto <eduardo.barretto@canonical.com>  Mon, 22 Jun 2026 18:09:24 +0200

containerd-stable (2.2.2-0ubuntu1) resolute; urgency=medium

  * New upstream version 2.2.2 (LP: #2145667)

 -- Athos Ribeiro <athos@ubuntu.com>  Mon, 23 Mar 2026 13:55:14 -0300

containerd-stable (2.2.1-0ubuntu1) resolute; urgency=medium

  * New upstream version 2.2.1
  * d/containerd-stable.docs: update NOTICE files
  * d/copyright: update copyright data

 -- Athos Ribeiro <athos@ubuntu.com>  Thu, 19 Feb 2026 08:02:39 -0300

containerd-stable (2.1.6-0ubuntu1) resolute; urgency=medium

  * New upstream version 2.1.6
  * d/copyright: update copyright data
  * d/s/lintian-overrides: silence vendoring related warnings

 -- Athos Ribeiro <athos@ubuntu.com>  Tue, 13 Jan 2026 16:29:54 -0300

containerd-stable (2.1.5-0ubuntu1) resolute; urgency=medium

  * d/watch: use Github API to access older releases
  * New upstream version 2.1.5

 -- Athos Ribeiro <athos@ubuntu.com>  Wed, 17 Dec 2025 10:10:36 -0300

containerd-stable (2.1.3-0ubuntu1) questing; urgency=medium

  * Fork from containerd-app (LP: #2120949)
    - Update package name
    - Add Conflics, Replaces, and Provides relations with containerd
    - Update package description
    - Depends on runc-stable instead of runc

 -- Athos Ribeiro <athos.ribeiro@canonical.com>  Tue, 26 Aug 2025 10:35:27 -0300
