diffoscope_256_amd64.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Feb 9 20:56:47 GMT 2024
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 09 Feb 2024 12:22:37 -0800
Source: diffoscope
Built-For-Profiles: nocheck
Architecture: source
Version: 256
Distribution: unstable
Urgency: high
Maintainer: Reproducible builds folks <reproducible-builds at lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby at debian.org>
Changes:
diffoscope (256) unstable; urgency=high
.
* Use a deterministic name when extracting content from GPG artifacts instead
of trusting the value of gpg's --use-embedded-filenames. This prevents a
potential information disclosure vulnerability that could have been
exploited by providing a specially-crafted GPG file with an embedded
filename of, say, "../../.ssh/id_rsa". Many thanks to Daniel Kahn Gillmor
<dkg at debian.org> for reporting this issue and providing feedback.
(Closes: reproducible-builds/diffoscope#361)
* Temporarily fix support for Python 3.11.8 re. a potential regression
with the handling of ZIP files. (See reproducible-builds/diffoscope#362)
Checksums-Sha1:
4b1e814d39bb41bca62b1b4a21e2fddff7ae73f6 5179 diffoscope_256.dsc
550f068feeed5b9daaf90f5d205d7a0af314c015 2451936 diffoscope_256.tar.xz
d6c50efd148b08264c6acb8cbd1026c270250555 7502 diffoscope_256_amd64.buildinfo
Checksums-Sha256:
039563f19ebc3b97ecab902555dd424cf135fb8ea50ff087539f6f64c2bf6e96 5179 diffoscope_256.dsc
59d59659979ab62f875e9b7d2ca3fc39540d70238421780310a58b1296bad541 2451936 diffoscope_256.tar.xz
db85072b75f1dc70ce98fcef23396d75bd68dfac87c0b26043117e96bc0c8f08 7502 diffoscope_256_amd64.buildinfo
Files:
02c33595d6b364ff2eab584ced015b73 5179 devel optional diffoscope_256.dsc
b7b94774b1ed5f92621f8087ea29fb7d 2451936 devel optional diffoscope_256.tar.xz
5564240f26c22b5d714bb21cd125f3b0 7502 devel optional diffoscope_256_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----