-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 31 May 2026 17:39:51 +0200 Source: kas Architecture: source Version: 5.3-1 Distribution: unstable Urgency: medium Maintainer: Debian Python Team <team+python@tracker.debian.org> Changed-By: Felix Moessbauer <felix.moessbauer@siemens.com> Changes: kas (5.3-1) unstable; urgency=medium . * New upstream version 5.3 * kas: git: Avoid checking out sha-like branches as commits (CVE-2026-47191) * kas: verify signatures prior to checkout (CVE-2026-47192) * kas: strip credentials from attestation also if token is used * kas: ensure _source_dir is only set from main config file * kas: ensure git-clone path is not processed as option * kas: drop never correctly support for absolute include path * kas: limit include path traversals to repository * kas: Warn about repos with branches but without commit or lock file * kas: create a CACHEDIR.TAG in the kas build directory * kas: add Arch Linux to supported distros for locale settings * kas: schema: switch default distro to nodistro * kas: schema: enforce signer config constraints via schema * kas: dump: Use 2 spaces as indention in generated yaml * kas: Properly convert error list to string prior to output * kas: improve printing of os version * kas-container: do not construct image name if providing KAS_CONTAINER_IMAGE * kas-container: Fix podman detection * kas-container: do not process locale aliases * kas-container: query system docker path in isar mode, not assuming it Checksums-Sha1: 48f1b9121c8a160685092c5b84b4d29ca0f2f6dc 2289 kas_5.3-1.dsc 1c92e556d26055773729a95021b408d4499a8151 147033 kas_5.3.orig.tar.gz 0c6795f3399742fa8cfa7967a8df0e5401e15ec7 10932 kas_5.3-1.debian.tar.xz ac1919ac7c22844fe8c9e75dd4a458a0cbe7dbd3 10140 kas_5.3-1_amd64.buildinfo Checksums-Sha256: 409e55944b9deea9ee22cc35407d9f652f86bbedc1392e02036ca58a0a25e796 2289 kas_5.3-1.dsc ed9e3f9c76202362ed541d449f502c08d505d4c3ab7893ed50f338ced111abf6 147033 kas_5.3.orig.tar.gz 07e8ed45ab5856af4a294a50ca13e3cc317b2735b095c89ec3c9a4f80a8f6cc8 10932 kas_5.3-1.debian.tar.xz 91809d5b2a925e7dd2421e6bb396e29dc65c843e5c6d22a411161227cec30c8e 10140 kas_5.3-1_amd64.buildinfo Files: 5adfa6c7a7665870aef96595d6c808c0 2289 devel optional kas_5.3-1.dsc c353d426f88ec5d8853e478e5048b0db 147033 devel optional kas_5.3.orig.tar.gz 1d242ae3ed6c54a949b1f172c49f2c2f 10932 devel optional kas_5.3-1.debian.tar.xz c3f32b947350293a701ad9d284b24a8e 10140 devel optional kas_5.3-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJRBAEBCgA7FiEEr3P271pTz+MEVp9Q5kijEfZ6UPwFAmodHqsdHGZlbGl4Lm1v ZXNzYmF1ZXJAc2llbWVucy5jb20ACgkQ5kijEfZ6UPwdYBAAnVKJiPgOoDrYyp7U c3DCsvJpldk2u4rGe+IEWOcoGY54xxo2eK5UBQwgTyLh9SQdF/mHTY1mBffEMJxF NaL7246PNJLy6PJsBkYYfD7765mtf79+XvuwKhkaVorvfZSd7lTPbzWgfoOcA1+G +ku/Kc2g2HMISFvuG9P4QN8MyP8R1ZpcOZK1OLmkA5Wo0kyVPIo6YSqZ0Ulvf7MJ EeIxb7TukRUBjteecG3R9C2hPkis+Jw/RFxl+Q+R3ABrHw09pKa/pS6+zqSVM1VB f0NYj+DodnS2uagnBTyQN2Lpi9LVVjRDWLP+HtDPhLM+nYHBhx5QARoA7DxLKvw1 qHEanJmZucvXDjapupqruOdoPWlzvHgc+a8xx/uZJ7P0uy2QVecthkhFyMFgUjMd QMUSreD2QY2ZN616olZJycGuPyQvf/g7L0PTslFwUoZIbgMlYYGqGFzIZyn+c1EE bWrbf3M7S486ZhtuYvWZsRGq7XzZHLZV8zTNEKSMowxbP20Eoc1m7Ro4HrNtSzpf mllZwfNUEtSXB9T38rXlKxhvuqBHP+LIL4VcB2Wo6wAj7Q2r/YJc2FIjeI9dJyea x2dPk5Z9LhSAPnlEADbku5Or/MMsCWPoLFTgWWneazM/4L7N70O5nfYVnST6JMAR Ih8tWfRuwMhvSsHtkGrT+BM9XYU= =8mZz -----END PGP SIGNATURE-----
