Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted packagekit 1.3.5-1 (source) into unstable
Date: Wed, 22 Apr 2026 12:19:02 +0000
Signed by: Matthias Klumpp <mak@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Apr 2026 12:58:04 +0200
Source: packagekit
Architecture: source
Version: 1.3.5-1
Distribution: unstable
Urgency: critical
Maintainer: Matthias Klumpp <mak@debian.org>
Changed-By: Matthias Klumpp <mak@debian.org>
Changes:
 packagekit (1.3.5-1) unstable; urgency=critical
 .
   * New upstream version: 1.3.5
     - This release fixes a local root exploit security vulnerability
       currently known as GHSA-f55j-vvr9-69xv / "Pack2TheRoot" that allows
       any user to obtain full root access on a system with PackageKit
       installed. Please update as soon as possible!
   * Drop fix-meson.patch: Applied upstream
   * Bump standards version (no changes needed)
Checksums-Sha1:
 cb5a8f3ad4f9994bd9f9757aac588acf2ef80d6d 3215 packagekit_1.3.5-1.dsc
 9e9f2cff07717682455f00c9a02fb41016501fae 2968448 packagekit_1.3.5.orig.tar.xz
 610b939d347ee4dc055fc469c6b9fb4ab2a99e27 833 packagekit_1.3.5.orig.tar.xz.asc
 fc033dc9089875358974563a69d094edbbe3204f 25824 packagekit_1.3.5-1.debian.tar.xz
 1d7cf304bcb685b65cee6b1dd71de8ffdf6ecbfe 19181 packagekit_1.3.5-1_source.buildinfo
Checksums-Sha256:
 8b97d693df7176893f8754c7e16b09870a61c8cf27473cd31e84836e8dc1d08a 3215 packagekit_1.3.5-1.dsc
 ea9e5954bc74b24c02cf31674a3ec792b3b74d5758ac0b6aca58ad76fc54374e 2968448 packagekit_1.3.5.orig.tar.xz
 e1e50cfac779217e3ee88939a40c8fff09ee006fa7ed968143f39431926bcebe 833 packagekit_1.3.5.orig.tar.xz.asc
 ddd849e69659fa740f5180999fcd2f69da088dde5d76f6930d55e800ebb2adb5 25824 packagekit_1.3.5-1.debian.tar.xz
 37b969eebbb7e87a73f71613b83c7e59477505eb2093a3dd0749ce5ca463b413 19181 packagekit_1.3.5-1_source.buildinfo
Files:
 ed9db1a01f8474d0665c71f83de6b8b0 3215 admin optional packagekit_1.3.5-1.dsc
 a2633d5d7753eab5fa5fa7ed396d66c8 2968448 admin optional packagekit_1.3.5.orig.tar.xz
 89f1b959801e6a38d88dacbf6c80accb 833 admin optional packagekit_1.3.5.orig.tar.xz.asc
 85b149b202b4ed65cea58b898e33cd6f 25824 admin optional packagekit_1.3.5-1.debian.tar.xz
 993f6f3952fbd8892f6a8fb670d7569a 19181 admin optional packagekit_1.3.5-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEE0zo/DKFrCsxRpgc4SUyKX79N7OsFAmnot9kPHG1ha0BkZWJp
YW4ub3JnAAoJEElMil+/TezrcJoP/jGZCbsTfYMKPk0Uq+6KsgRWCLTOLnuIPlzw
0CIQdb1wH8qotDbbYthoBUH5p7bjVO6g1nU04IGKdCxW+Rm+ivL+GvbBqVu64xW1
mf2EvuIlH4xPpIxYoSndg7t9ZvEDkCvrL1O/ZTnf8ScU71XR9nNWKmonpFbIreuE
K55WizNKAHs+pSlGyOK/FyPLCbyQGngvnbWywplpEJZJtMQJneZy6ENseHh4Ps8j
Q3FPjpyQ1kcGfofjFG0zv/H46qF2FwkHw6samJeRbAob0BuLtMF6pCguaQ8yJjlr
uPFdQ8HVl6FgkSIHu7F5Myv5YGRZy077FMXUljBJAMn4g2bT6oevgSzKLSZogX7P
6HEJtXQshUCq6c3jdI0UDsdGdxAH4nPghofqqui/9iui31yoqLJp4ksMAg82pXJ4
Yn8FTSE2BG2f2bd4sTNIhJFa5h0boqVqzphrXrPvF6TWgLW7ds3yu4SQZNVouRIm
irXWN8jBFaCq5BP1BShL3l9RHjMGqrH9XuBXYDFB0nBmiR6kqF0d3k+4CPPg7aj4
kQl9V2JNKq0PjeCtTM9OCGrcJMdmthdgK46Y0QZzKTInDAUVtzeSnv5ylUKxCXtB
PYcWMG9BegIBp66VbMWYsmcpTRQdRfN0RNUpERQKG3iwpiDnPHog6epqX4O/B1dD
YqjL74Ni
=LBvr
-----END PGP SIGNATURE-----
News for package packagekit
