-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 01 Jan 2026 15:54:00 +0100 Source: gnupg2 Binary: dirmngr dirmngr-dbgsym gnupg-utils gnupg-utils-dbgsym gpg gpg-agent gpg-agent-dbgsym gpg-dbgsym gpg-wks-client gpg-wks-client-dbgsym gpg-wks-server gpg-wks-server-dbgsym gpgconf gpgconf-dbgsym gpgsm gpgsm-dbgsym gpgv gpgv-dbgsym gpgv-static gpgv-static-dbgsym gpgv-udeb scdaemon scdaemon-dbgsym Architecture: armhf Version: 2.2.40-1.1+deb12u2 Distribution: bookworm Urgency: high Maintainer: arm Build Daemon (arm-ubc-06) Changed-By: Daniel Kahn Gillmor Description: dirmngr - GNU privacy guard - network certificate management service gnupg-utils - GNU privacy guard - utility programs gpg - GNU Privacy Guard -- minimalist public key operations gpg-agent - GNU privacy guard - cryptographic agent gpg-wks-client - GNU privacy guard - Web Key Service client gpg-wks-server - GNU privacy guard - Web Key Service server gpgconf - GNU privacy guard - core configuration utilities gpgsm - GNU privacy guard - S/MIME version gpgv - GNU privacy guard - signature verification tool gpgv-static - minimal signature verification tool (static build) gpgv-udeb - minimal signature verification tool (udeb) scdaemon - GNU privacy guard - smart card support Closes: 1124221 Changes: gnupg2 (2.2.40-1.1+deb12u2) bookworm; urgency=high . * Address four issues from https://gpg.fail, including: + Fix CVE-2025-68973 (Closes: #1124221) + Avoid potential downgrade to SHA1 in 3rd party key signatures. + Error out on unverified output for non-detached signatures. + Do not use a default when asking for another output filename. * d/control: Point Vcs-Git to the correct branch Checksums-Sha1: be5a7fc6caf728a4a2e1f09cd29cef4de6fc60a1 969768 dirmngr-dbgsym_2.2.40-1.1+deb12u2_armhf.deb bd52e690ba493e977f096b7e9ba48e5d9b4156f4 748756 dirmngr_2.2.40-1.1+deb12u2_armhf.deb 90163d153a6fd18f79a446a8f539bf3283743377 1583840 gnupg-utils-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 37cc35b355db01ec333205579596d570e73626c0 850884 gnupg-utils_2.2.40-1.1+deb12u2_armhf.deb 07d808f03801d0271e2f3c3a11a5e56dbc6d7b6a 16797 gnupg2_2.2.40-1.1+deb12u2_armhf-buildd.buildinfo 66c9c6aaf2e93464d8b6aec0d4564f7a98883c54 941600 gpg-agent-dbgsym_2.2.40-1.1+deb12u2_armhf.deb a10c8403e6cc346d3dc538c4ac2c938f9865d30b 652140 gpg-agent_2.2.40-1.1+deb12u2_armhf.deb 5012cd3364ada07607054a91a3d4074666c5eab5 1246256 gpg-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 8873b0341329c3538ec274f08501c69d7c41246f 299900 gpg-wks-client-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 494a45fdb387407b28a8aa8d538e2a8723d82ca1 524588 gpg-wks-client_2.2.40-1.1+deb12u2_armhf.deb 0c2a5bdf9a458d622fe982d7b681d3c0aa1dfdc9 273960 gpg-wks-server-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 7efe17f5d3144aee51f86918ffe1c0a9f4a49601 517264 gpg-wks-server_2.2.40-1.1+deb12u2_armhf.deb 8b168fb751dd3dd9db49a8d41b4ecc2e6ee3e36e 884056 gpg_2.2.40-1.1+deb12u2_armhf.deb 7aa383ef1a12a18ffc35a90de2f82a5738b15395 372196 gpgconf-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 77661d4cc6856efd638c09ad0e37980ecf1f8790 547184 gpgconf_2.2.40-1.1+deb12u2_armhf.deb bede398f8d8d078b018d291d46593f6210a4c07c 636576 gpgsm-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 8b30dd2770091df2c34ba74fbf253e8a7deeed84 637204 gpgsm_2.2.40-1.1+deb12u2_armhf.deb a91b32ba7d62b61a427a0abcb56203268026ffd1 599148 gpgv-dbgsym_2.2.40-1.1+deb12u2_armhf.deb bccdb4fa93d8729e9faa6fd250ec4515ad189b6e 660736 gpgv-static-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 97e68a53fff0fdccbdc0b787ea4dddfffb076b60 1293328 gpgv-static_2.2.40-1.1+deb12u2_armhf.deb 9aa9fef66ba56fb26db5b60ff0bbf62d14c11e9f 167260 gpgv-udeb_2.2.40-1.1+deb12u2_armhf.udeb 3d1c7f5497ed1651f6dbab1f644915cfb5be241b 615724 gpgv_2.2.40-1.1+deb12u2_armhf.deb 927734a8e469280ea1ef75c4ef0cf88ef1c88b5a 559684 scdaemon-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 8aba6ca7569271eab47cff50d1c058e18a91af2b 616988 scdaemon_2.2.40-1.1+deb12u2_armhf.deb Checksums-Sha256: c712f09f05669c33dc5453428f046b2fa3abf0355029e38f234197375d9d8ca2 969768 dirmngr-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 56bac8f42062e20c3a73c58bc0771e8a1a98a10739fdf3392c01c57f26405a57 748756 dirmngr_2.2.40-1.1+deb12u2_armhf.deb 860fd4a7e6c91ac57dc874cc85caf4e26820711e148d7abe9e433412931f6d16 1583840 gnupg-utils-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 2cef0b003e5084475b7824f1a1876c666745c3733c3edede9a399fa5caccb843 850884 gnupg-utils_2.2.40-1.1+deb12u2_armhf.deb 4f84b50843cfa3d7ef8fe0929dc902ad804acbfb7de78fa19968f1167d8d9a51 16797 gnupg2_2.2.40-1.1+deb12u2_armhf-buildd.buildinfo 9cb0bf2e5b2c7c8b120a64bf9a4305e268a35cb79a1c6fc189a031b17db5178c 941600 gpg-agent-dbgsym_2.2.40-1.1+deb12u2_armhf.deb a5de341bcc630c5354aedd4439cab4d8347045011599ce6fa3c9555ae1358465 652140 gpg-agent_2.2.40-1.1+deb12u2_armhf.deb 495af2a007eae2107b72966f1e26868ca2d6d61dac26eba3792825617c3b7bff 1246256 gpg-dbgsym_2.2.40-1.1+deb12u2_armhf.deb b9c2790e64d1d037416f88a8b18c61e9eeec2ad6461bd010c163aaaf50332f08 299900 gpg-wks-client-dbgsym_2.2.40-1.1+deb12u2_armhf.deb fb45a0989de8fa5b2923fd55ceaf558709b89607af9189919b34a389b1cf8fca 524588 gpg-wks-client_2.2.40-1.1+deb12u2_armhf.deb 8b1c9583ace0f8ddb1bc651a70907e4001c7bbb5a97046a6e603381cf54de011 273960 gpg-wks-server-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 546a4f85e9efb432bbd63b66dd3cff13f0fd36a15c3bd1f1d26ce7400b28eb67 517264 gpg-wks-server_2.2.40-1.1+deb12u2_armhf.deb 5af90d0cc2ab93597df214130a5c9ba2610ff80e8cca2c841f4b40541adbcf27 884056 gpg_2.2.40-1.1+deb12u2_armhf.deb 917f1173d30e7cf2b54206aace7c1d840680b7284410fce2fb2f6c75d6e90289 372196 gpgconf-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 5f999e81bb071cf0d507592b66af66ebb4a1d411057bcaf17a1a670fe90dc622 547184 gpgconf_2.2.40-1.1+deb12u2_armhf.deb ff9547982d6958d99685e2fc40a0afdcc4b5ea208923458ab49a25c84ca0ccb8 636576 gpgsm-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 9a097993ba7a35f95e7f37f3f3c71404e87c6110f042eb4922a66e5c3cc03fe4 637204 gpgsm_2.2.40-1.1+deb12u2_armhf.deb d501fa07b0e89efc1b3b058b00331bcd3024ded026adaf8f24b7957abb609683 599148 gpgv-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 5d7b21be749078b71e7230e408ea65af4bbef906e913b8cb25a64c7edf6e8647 660736 gpgv-static-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 3afe9fcabd6b6eaa5a7d3ca1c017482f28fbcc0e19afed3b88ba1391a35ec6a4 1293328 gpgv-static_2.2.40-1.1+deb12u2_armhf.deb c7342a8c6551a7a33fe8fe3b77427e70e2f635545f5008c3cf3bf432c62ae04f 167260 gpgv-udeb_2.2.40-1.1+deb12u2_armhf.udeb 73104199d70ff79667b2e52e413ce00bccdc5656f5eae05fbb1cc79e9c622303 615724 gpgv_2.2.40-1.1+deb12u2_armhf.deb 58e1fc4b6c10954b0ccb8599694d26eab16e2547e121311306d944ccc3578654 559684 scdaemon-dbgsym_2.2.40-1.1+deb12u2_armhf.deb d45e75068986a559f702e3a25c84794635dfaff5875f81a357e0b92d8df1303f 616988 scdaemon_2.2.40-1.1+deb12u2_armhf.deb Files: e51c49c0a6f7c8510ebff4a508c9656b 969768 debug optional dirmngr-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 9352e776b3ab47758c188176d81176a3 748756 utils optional dirmngr_2.2.40-1.1+deb12u2_armhf.deb 1ff6f168030125b6e88a2780da1b3b11 1583840 debug optional gnupg-utils-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 28db4fee469a2f590a06071682649abb 850884 utils optional gnupg-utils_2.2.40-1.1+deb12u2_armhf.deb 0b9e9dafec87217393ebe1c3af31a99c 16797 utils optional gnupg2_2.2.40-1.1+deb12u2_armhf-buildd.buildinfo 5c81ab73f4b4567602bbda42ef74bc4c 941600 debug optional gpg-agent-dbgsym_2.2.40-1.1+deb12u2_armhf.deb d148ef2bdeb224b4afe07b466a63aafe 652140 utils optional gpg-agent_2.2.40-1.1+deb12u2_armhf.deb 019506e5ef7f1c110e4098795026474c 1246256 debug optional gpg-dbgsym_2.2.40-1.1+deb12u2_armhf.deb cb51c339665c63375a0a7fa4811f1de2 299900 debug optional gpg-wks-client-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 3234ce231c5fed8230aae429ad0bf7c1 524588 utils optional gpg-wks-client_2.2.40-1.1+deb12u2_armhf.deb 5e1aa08625235839718b68f125b035d8 273960 debug optional gpg-wks-server-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 67be8e6613fa96de4883b0818237f621 517264 utils optional gpg-wks-server_2.2.40-1.1+deb12u2_armhf.deb 8abfe16d2866f14c6a6f149dccc85e72 884056 utils optional gpg_2.2.40-1.1+deb12u2_armhf.deb 5442627fd317a403472746c3ca0b45ed 372196 debug optional gpgconf-dbgsym_2.2.40-1.1+deb12u2_armhf.deb fad7d2dbb1f763ef9d9eab0822203aeb 547184 utils optional gpgconf_2.2.40-1.1+deb12u2_armhf.deb c65d3d1627490cdd3facc424297e7a08 636576 debug optional gpgsm-dbgsym_2.2.40-1.1+deb12u2_armhf.deb cd4cefb06ef5e30868c3afc2ada3cca6 637204 utils optional gpgsm_2.2.40-1.1+deb12u2_armhf.deb 3a69840d10db89c9d57e60b168a473c5 599148 debug optional gpgv-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 0404f3df922a1d2aeca40a3d448f186b 660736 debug optional gpgv-static-dbgsym_2.2.40-1.1+deb12u2_armhf.deb cd0f14f2fe811e3ce74827b1c1798929 1293328 utils optional gpgv-static_2.2.40-1.1+deb12u2_armhf.deb ae83167c8c5fccd36a1da4bac5de9069 167260 debian-installer optional gpgv-udeb_2.2.40-1.1+deb12u2_armhf.udeb a48376e5b74be953d909c721bcd77f67 615724 utils important gpgv_2.2.40-1.1+deb12u2_armhf.deb 4fb59c19a1d8723d2f55bc5dc24d67c3 559684 debug optional scdaemon-dbgsym_2.2.40-1.1+deb12u2_armhf.deb 98a5cbdab7ce70f63ae37f83484076a8 616988 utils optional scdaemon_2.2.40-1.1+deb12u2_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpxWVfktWxVoKRwGgJ7tNDw2WyRsFAmlYYDkACgkQJ7tNDw2W yRvotRAA3xOlXGrYAkTwCzE162FvkfeMppDEImV37n89zAAJxTw1IDZ1BqDKvrFZ bufGXU/1SU2fMxBZDTI57Y8xcRNRX2G61oW3gEMfH6e/zR+u9eOsBTiKmkUhgIIz 7/nT0lSJDvfcvYSUcDEao8luw5ka/7ZI3PrlY4eLRP/VImWTy94HyO3OODFWjwCu r55tGSDSyrTZE+F7AioddUPYucPS4RH6+D6GQ+Rtv5VT9dbXnH/036xvc5buHXds IFRTSLUje/orJX+rA8164ZkCuvWP5zqLp0Op8oMvfq6X/R73TF2HBuy/LSD1MdvE IML5zWnVaBkt1zikp+cLhZys2rmhzTqwTte+uOKH5wW0oXmpmxAGTRPGF2DUkhxW kfVEndWT17EYQ6yM4w60oTumWn22k0iTklc/PCpnZp2HSYgf7nz1yi9R/vUfbMEv tT5Lq93icqztHiUMfeuON4xiRi1wdGgRTs/d0C1B5rY55oAL2Pi9YC+YvpMpyBkf rpdsHDoK1DxmAlVKcYUJbk4FV2kACtP4+OSYu//ysOAC6CXxyXby1OxmizSQnK6P gzjNUQDtzYrii/0HpbNLLzLVI9PwO20vxeuVkNnYpqhmbdoC186zhrF0dJ+MaI3E Cdq3LCo7wyaDXG7PYM5cFkOpPWCclXUVo4ov153+lZDsWXRROTo= =UMav -----END PGP SIGNATURE-----