[pkg-gnupg-maint] gnupg2_2.4.7-21+deb13u1_multi.changes ACCEPTED into proposed-updates

Thu Jan 1 22:02:20 GMT 2026

Thank you for your contribution to Debian.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 01 Jan 2026 06:46:01 +0100
Source: gnupg2
Architecture: source
Version: 2.4.7-21+deb13u1
Distribution: trixie
Urgency: high
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint at lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler at debian.org>
Closes: 1124221
Changes:
 gnupg2 (2.4.7-21+deb13u1) trixie; urgency=high
 .
   * Avoid potential downgrade to SHA1 in 3rd party key signatures.
     https://gpg.fail/sha1 #12
     Patch from STABLE-BRANCH-2-4
   * gpg: Error out on unverified output for non-detached signatures.
     https://gpg.fail/detached #1
     Patch from STABLE-BRANCH-2-4
   * gpg: Fix possible memory corruption in the armor parser (CVE-2025-68973)
     https://gpg.fail/memcpy #5
     Patch from STABLE-BRANCH-2-4 (Closes: #1124221)
   * gpg: Do not use a default when asking for another output filename.
     https://gpg.fail/filename #2
     Unfuzzed patch from GIT master
Checksums-Sha1: 
 c12b0da813d757e0fe40fdb89c2cda16d2b94b21 4933 gnupg2_2.4.7-21+deb13u1.dsc
 0b53a1ba3ba2f246bc24287841b89f85d9636aa6 131264 gnupg2_2.4.7-21+deb13u1.debian.tar.xz
Checksums-Sha256: 
 30a96cd2d26a57f6796507bf8f083825734d4081e3c5f922d2b99bb2bf671212 4933 gnupg2_2.4.7-21+deb13u1.dsc
 3941a8a537e258f6216ad1c1b9ecb255dfc286e5d03eb39805e536de4a448856 131264 gnupg2_2.4.7-21+deb13u1.debian.tar.xz
Files: 
 193ea1d8392dc4c9fbd345ae2f9f4e05 4933 utils optional gnupg2_2.4.7-21+deb13u1.dsc
 dcb30dc77eb35af0224f1ff5101e00ab 131264 utils optional gnupg2_2.4.7-21+deb13u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmlWDVgACgkQpU8BhUOC
FISEBw/9HSQQbT8aC+ucB83bCi79ggrmgcAGL04c0AA5pAw94EFFYPwEsqOuaE2V
6V//Fsexu2+liK3I9cBoxtdpGwtlvOm9r90jCoVeJIRpJlX7AXcwQUGopOLAAw/Q
PHx4yxHTFUjTo7eLoHfAurDFmSK5ThzrI1ebN/YYkzPHuld2YRwR0dM3c1e8Qvck
+glPbJbPiJsLo8lZX0Retfh/StjR7OBPz+6MbthP8AYWldWZua21LPx270HEUDJp
lHDXTjVUEjY7B6M7DX5J+JD9oRFtBTpgpo+w9yDWJtjj+kkMdmGNncj6iDg/Z097
un5ilOKqbRETLWP29pouyC1w0senkoDUFhrh5otsR2pq9c1RYfh2rhdGjjM/qUPN
iXcXbm0XyRythfz4E9tICTGkYsVqzZZW+XNSSjIfTkeVGsZ4u0vT5z+oxtRqNe3D
rPVMKR/S5Dby+duO6Q9Bg2/EX/CXE1B97Ubn06vIjifXxXdRCH+7mjDanV1IsKcP
9ADZLNlFCkRrLwL0YTaxeck/WFpdEUGfwKdBeDLAcM3eGkVjoZIze3te/ANrpZOG
8s44YqmTAI828SvlF+KQoG6XEbQ3kX9teLo93sEozxfFtR/MHTufZ2tarBgBzFRs
aJ/67TRD+m0/uUvWhA6Gqm5XWmGWUxOqNw+db4NASNJq38L+8Nk=
=glpN
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20260101/99df05bb/attachment-0001.sig>