Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted gnupg2 2.2.27-2+deb11u3 (source) into oldoldstable-security
Date: Wed, 14 Jan 2026 14:50:23 +0000
Signed by: Roberto C. Sanchez <roberto@familiasanchez.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 09 Jan 2026 14:55:20 -0500
Source: gnupg2
Architecture: source
Version: 2.2.27-2+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Closes: 1124221
Changes:
 gnupg2 (2.2.27-2+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Sync with version in bookworm
   * Address four issues from https://gpg.fail, including:
     + Fix CVE-2025-68973 (Closes: #1124221)
     + Avoid potential downgrade to SHA1 in 3rd party key signatures.
     + Error out on unverified output for non-detached signatures.
     + Do not use a default when asking for another output filename.
Checksums-Sha1:
 b60f572666f9c7e33af2e11b4b7ee981acc461f6 3680 gnupg2_2.2.27-2+deb11u3.dsc
 c3108e11a52e61cf3517ac36497778f58d055acc 68256 gnupg2_2.2.27-2+deb11u3.debian.tar.xz
 4b36765fc3941b5b7a4d2c85d69222986f3c0ab0 20113 gnupg2_2.2.27-2+deb11u3_amd64.buildinfo
Checksums-Sha256:
 835b5ac7f04f5a30cd7ae56966d9ed96296fec72773b651530c22515bca1ff57 3680 gnupg2_2.2.27-2+deb11u3.dsc
 bbef7de39d7241225c854f5672c2e74eace7ed78d2e4c0993dbbeac38a8fb50c 68256 gnupg2_2.2.27-2+deb11u3.debian.tar.xz
 66652ab1f8bafcaa8f5f6698b71458714950bf82dceb0feb7bbabcc9c29bb503 20113 gnupg2_2.2.27-2+deb11u3_amd64.buildinfo
Files:
 67391d3fc2d4c39077912589abcfefe0 3680 utils optional gnupg2_2.2.27-2+deb11u3.dsc
 372ddfbf0737fd16520efad704541a98 68256 utils optional gnupg2_2.2.27-2+deb11u3.debian.tar.xz
 3d8e5dce7e2bdeb1e13a8d02171751cc 20113 utils optional gnupg2_2.2.27-2+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAmlnqnkACgkQldFmTdL1
kUK4ow/+Ok58+W68skHI3jkPduMJnthT7yY69dJ34vXNuTmlpW5sDpu2IuN/bgiW
X/hARhsUOkX0PDaL+J4e5p9bfhV8mvjw8lhGuFlB+EkILTnJ/zLHY3PFfCUpVuIj
fyv2FG/MnuSwijgBTxxW7SfY/F6c1+l9NbNwBkI9kueS8zgdmTQFgY5O8XqE5iEn
AbuJW4nsFQoVsocItCYYrZI7oODy9rvS8+Ncj7Xr7KH9REqUQIhHqTrTpTCZFtat
693YeXIPae8jWeN/av0dI13AamdiIiIWE/AcozdJvKgMIM3Gl8RbjsT6JCq0bxax
ttEOloSWU2+zdb0lndQRxKJsURT5nAbSokqAcNQNosZ/Q0ydTgML452tRpoNh7D2
a1QedRPyOQhB+J8zS9dzqVUthHzV9Lwi9/08OialRhq4Rd5nY/ySWx4PRDWSMGkN
6qe8DR3fOgHVLCRrtH3ZdbLmFL6rCdy6zTED2po8Q8hHAFwX8xISXu709PyxQ3NW
bda8OzuICS6NrbRu4bN9Cv0d0HZTOdM+kpd1LH2LH7GBJqdeba5WZBohnBTH3mKC
EDwmIb0La1BwmukgzWiL0rV9KXQIxxwGBChwXrPwUdmyWErbrEBooAtjeyOfC6iq
/3Sm7VEKubjivieO8UgeM8mx/msvjyr30DMLV1xSk0uKnTqkuA8=
=lfQo
-----END PGP SIGNATURE-----

News for package gnupg2