-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 17 Jan 2025 09:39:49 +0000 Source: diffoscope Built-For-Profiles: nocheck Architecture: source Version: 285 Distribution: unstable Urgency: medium Maintainer: Reproducible builds folks <reproducible-builds@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Closes: 396 397 Changes: diffoscope (285) unstable; urgency=medium . [ Chris Lamb ] * Validate --css command-line argument. Thanks to Daniel Schmidt @ SRLabs for the report. (Closes: #396) * Prevent XML entity expansion attacks through vulnerable versions of pyexpat. Thanks to Florian Wilkens @ SRLabs for the report. (Closes: #397) * Print a warning if we have disabled XML comparisons due to a potentially vulnerable version of pyexpat. * Remove (unused) logging facility from a few comparators. * Update copyright years. Checksums-Sha1: b6d4c6dd3c074bd51c01e7a65acd6254f3a5021a 5043 diffoscope_285.dsc b60a73ff112d272f17242e810e9b0bd8c9dad60b 2462264 diffoscope_285.tar.xz 00feb3e76c63c95899717b858e1c93908a75408d 7615 diffoscope_285_amd64.buildinfo Checksums-Sha256: e01e52b03ba80910701c450747175e5c69f90f7c852fe120bb80a9c0698b2006 5043 diffoscope_285.dsc 0818d7af61ace066fd41c3506673500f1b768b5b3e3d7ddb07ca6b368042b708 2462264 diffoscope_285.tar.xz f1e3f8bcebf51cfa2369a815055000c8c85d6058d7afd3c43791a0f36f0edf57 7615 diffoscope_285_amd64.buildinfo Files: 25b968a8da5bf2248c9633cf41f265ff 5043 devel optional diffoscope_285.dsc 57e93ffa85aac19dcb56c535a58085fe 2462264 devel optional diffoscope_285.tar.xz db9261b178ec4373226e1430e1447af9 7615 devel optional diffoscope_285_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmeKJeAACgkQHpU+J9Qx HljNMRAAqoZlLmf6y5LYDt3fOzL0Xw69HLtT8CuqMIplBJC/JbF9C5aK/a9KVqVj Ap7I3NVAUUCxqDhJAV257UZATGUG/aRk9ToVtrlNy2M38xHLYg3YRFBo0gOmDE/I TEEkHkEZS0EOHGuhtS8dfipmwvsoK4yLVzFe3/+HY9Rc56vkM/76MprKOxQmU9BI TdtvhTkJEIXU1zJJbxIFzfWYsgD2emtSCJWphCL32GTspLC1RHowpbGvjOfijCKP inHMaSUnHHYwZw7Jo+npgcB54fkDcNq0KhwaKaqc+ShNk0iAIRldWCZ/ib17TiAI DS3a5fJ4le1PGBts/VwI/u0fvNaCwhd3PlcwKp4CofiSRopP8AVekULcAhXCfeU6 w7wVxpn0bXTjSWGvMrR+c3uVuAFodB6+TXuWT1J+NlQXhQu7IYSA1ZsNgQydKbTO u8nHGoUhucv3dhaVMfZUyUgp02oZP/LfKKckEzC4CWxlyV2YkdZsedBlwT4mM0L7 LJ58fhOGSJ4lwq+VvfjvsgWkt6bqr0v6SNXyH1AqdKdr5mOdHhf8bZPEx941vhf3 OTMUxnp4zvVbt93RwF2PKCBMm0eVavRg5zsw22i8P1jWXLydn7XkEG57pXyj3JpR EyAVmF0gGo/I2tnoGolfHFyTVhAajrN5bMZLG2TP+IRg1bfgsLo= =a3eJ -----END PGP SIGNATURE-----