Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted gnupg2 2.4.8-5 (source) into unstable
Date: Mon, 29 Dec 2025 17:34:38 +0000
Signed by: Andreas Metzler <ametzler@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 29 Dec 2025 18:03:49 +0100
Source: gnupg2
Architecture: source
Version: 2.4.8-5
Distribution: unstable
Urgency: high
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 1124221
Changes:
 gnupg2 (2.4.8-5) unstable; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * common: Reformat some comments in iobuf.c
   * gpg: Fix possible memory corruption in the armor parser (CVE-2025-68973)
     (Closes: #1124221) https://gpg.fail/memcpy #5
 .
   [ Andreas Metzler ]
   * Avoid potential downgrade to SHA1 in 3rd party key signatures.
     https://gpg.fail/sha1 #12
     Patch from STABLE-BRANCH-2-4
   * gpg: Error out on unverified output for non-detached signatures.
     https://gpg.fail/detached #1
     Patch from STABLE-BRANCH-2-4
Checksums-Sha1: 
 c172799cecfbece0371a3c65380c78fc36ea4c0e 5455 gnupg2_2.4.8-5.dsc
 56ac0d3fd7b427ccd4594c6c487fd4819129dd1b 124868 gnupg2_2.4.8-5.debian.tar.xz
Checksums-Sha256: 
 eee0be7308f6e1d4497da2a87ae1b627edaf83e84e5e1bc7c81f30e85898703e 5455 gnupg2_2.4.8-5.dsc
 1b83a4ace291850a46d346677971a3f130c3f0c677e95ba258d842a3620ca2e4 124868 gnupg2_2.4.8-5.debian.tar.xz
Files: 
 0eef67785ddd50f16bec5eb4d7240a64 5455 utils optional gnupg2_2.4.8-5.dsc
 81f184b0ee364ff375a9de2a7d844b37 124868 utils optional gnupg2_2.4.8-5.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmlStrgACgkQpU8BhUOC
FIR0kA/9Ehzdkr/+68njVZ/sytTrxmRGp+3iq0E5e1w5oOO7y9+3l3D9mGDrwSxN
bPjEbCTxUOkcYTsovjBUjPSTGn5aLpXV8SnvVJ68hQ3aGPZUGSn7Epswq0Z2G2zG
rkoK9kJl+8nq+p/AsrldUtdf2mIUEdlpGKWepR+Kn17AF2vTfD+C0TQ6S0s31Xq8
FeLg38vGs0Rsrm2KtgU5bHODIV+P5W3VQnSrGA0CFod1cOiiiAGHKOF8zPkfD/Mq
Ijv6miPJ4waNVi6K1KSvjIXdGB4c9pmWlwr7bd5+kr7ozLcURLeIiFXQet66Rvbo
hUEu+7baXS4l2mmwNLhV9M06QGdHMnFW1iucMs7g2PdxtJhJ/i9TCwu2ObJQRJcj
MumJWqN5ByGYgRH+VEEKX6qccx/fvVhrQk/oAGtzE9KSqzeDvZsxbB+Gmq9RZ4Km
Q+f3wUF+9uuBoCKc7GXTZvdQ72wqbl9q/icdFvkWD+icO3Yft07S2h7Hv2MAhHCQ
RvnqJYb80iWkbL9vEO2JGor4ur6oCC5TzS1/jS5LJtVOKEV4vI8tH7Xd4d6TwiHw
tC+kVXy+52ir21XNwfJH0CGDoUsn4CEyeD+Q5eHsk/bJVcTnHe4YXFYpxFLUrO3O
UM8GDS26eQd0Us4oLPjbeE5YxCSwdpiSaAfPomTiFRIhw2MjBIQ=
=sbzj
-----END PGP SIGNATURE-----

News for package gnupg2