-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 01 Jan 2026 15:54:00 +0100
Source: gnupg2
Architecture: source
Version: 2.2.40-1.1+deb12u2
Distribution: bookworm
Urgency: high
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Closes: 1124221
Changes:
 gnupg2 (2.2.40-1.1+deb12u2) bookworm; urgency=high
 .
   * Address four issues from https://gpg.fail, including:
     + Fix CVE-2025-68973 (Closes: #1124221)
     + Avoid potential downgrade to SHA1 in 3rd party key signatures.
     + Error out on unverified output for non-detached signatures.
     + Do not use a default when asking for another output filename.
   * d/control: Point Vcs-Git to the correct branch
Checksums-Sha1:
99676c3caa7a43dd4f1973aee978edab13ad914e 3364 gnupg2_2.2.40-1.1+deb12u2.dsc
5c3d1476b85b7524d4786bcb0a3d5df4868f182a 67520 gnupg2_2.2.40-1.1+deb12u2.debian.tar.xz
a9c1e59e539c73ddccc1fa507101d8876cf93e0c 10865 gnupg2_2.2.40-1.1+deb12u2_source.buildinfo
Checksums-Sha256:
2424239219b00265dd99c5a2c5f9d50f9cafc15f0945946bb16ac1a50ec38310 3364 gnupg2_2.2.40-1.1+deb12u2.dsc
398ad74f63d81edd9365df97129d05061829599bf50e72824576e1dda23fbe62 67520 gnupg2_2.2.40-1.1+deb12u2.debian.tar.xz
b9128491f7134c6980c5eae377f09fea64a320feac85499f0c40b79d24679686 10865 gnupg2_2.2.40-1.1+deb12u2_source.buildinfo
Files:
f0e4aee80f735012d20932fa8a643f4c 3364 utils optional gnupg2_2.2.40-1.1+deb12u2.dsc
4e8e142aa1cff332485efcf659b3495f 67520 utils optional gnupg2_2.2.40-1.1+deb12u2.debian.tar.xz
ae362ebc709ca5af08c793a87634ef38 10865 utils optional gnupg2_2.2.40-1.1+deb12u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wr0EARYKAG8FgmlX+d4JEHgLhU7ZwrSWRxQAAAAAAB4AIHNhbHRAbm90YXRpb25z
LnNlcXVvaWEtcGdwLm9yZxw6bKfLfkgRDrOc4jxYIGsiogA6T2r2mhmtAJ8lPdvK
FiEEY6wRjlsuXWbIioWneAuFTtnCtJYAAIL/AP9VnIse+8u2LGmSp6ZJdIUyTMIp
rlRBuFyLROMjucYlKgD/XSwTfqmRP1tZSIjyr8O2RCanDsKSG29ItOVrLFUIAw0=
=38xQ
-----END PGP SIGNATURE-----