-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 01 Jan 2026 15:54:00 +0100 Source: gnupg2 Binary: gnupg gnupg-agent gnupg-l10n gnupg2 gpgv-win32 gpgv2 Architecture: all Version: 2.2.40-1.1+deb12u2 Distribution: bookworm Urgency: high Maintainer: all Build Daemon (x86-csail-02) Changed-By: Daniel Kahn Gillmor Description: gnupg - GNU privacy guard - a free PGP replacement gnupg-agent - GNU privacy guard - cryptographic agent (dummy transitional packa gnupg-l10n - GNU privacy guard - localization files gnupg2 - GNU privacy guard - a free PGP replacement (dummy transitional pa gpgv-win32 - GNU privacy guard - signature verification tool (win32 build) gpgv2 - GNU privacy guard - signature verification tool (dummy transition Closes: 1124221 Changes: gnupg2 (2.2.40-1.1+deb12u2) bookworm; urgency=high . * Address four issues from https://gpg.fail, including: + Fix CVE-2025-68973 (Closes: #1124221) + Avoid potential downgrade to SHA1 in 3rd party key signatures. + Error out on unverified output for non-detached signatures. + Do not use a default when asking for another output filename. * d/control: Point Vcs-Git to the correct branch Checksums-Sha1: 969acfccde72532817d105c9641471f8775c823e 445764 gnupg-agent_2.2.40-1.1+deb12u2_all.deb e2bfaee0e637dfd959cfdd1924f48cdf928543e9 1092644 gnupg-l10n_2.2.40-1.1+deb12u2_all.deb 397c6a7e71b8a9fc0c708c32e65f4b759995788e 13203 gnupg2_2.2.40-1.1+deb12u2_all-buildd.buildinfo 6dcd556ddac308b97ffb44a060e4c2f85f6a2993 445840 gnupg2_2.2.40-1.1+deb12u2_all.deb ae28b64fea8db23b34f8c96423e717f17856af7c 846132 gnupg_2.2.40-1.1+deb12u2_all.deb 938ab13ddc2a54519f537e777d0e9874e31abaa1 1094120 gpgv-win32_2.2.40-1.1+deb12u2_all.deb bf82bddbb599002f78e356c9c23f88d7537f9a33 445764 gpgv2_2.2.40-1.1+deb12u2_all.deb Checksums-Sha256: 4377a7ce6f040f5a41ae7ca0b9e6898c8142689ee8b0543e2a4de7e0bf400f28 445764 gnupg-agent_2.2.40-1.1+deb12u2_all.deb c985452d06cc7b3b1044cd1eb3f2acac773836d34cafb35b5a4bebae02c1caa0 1092644 gnupg-l10n_2.2.40-1.1+deb12u2_all.deb 7998f2d18e0610feb37e13ff8c5e4a170c55a22a44f08aa92229bbbd439f4bb6 13203 gnupg2_2.2.40-1.1+deb12u2_all-buildd.buildinfo a8b7abe7567308542590f2fe243f6e2f80002bcd7a1ef5f002f27710372172f7 445840 gnupg2_2.2.40-1.1+deb12u2_all.deb d3f860cf16da5d61875a324859045fd1f4a888ed0ddef55d7e9f977dd729a76e 846132 gnupg_2.2.40-1.1+deb12u2_all.deb 8bdca54419dd35f4bf99d09f7dbef8e44a695ae360e5ab7830d8ba5b3644ae52 1094120 gpgv-win32_2.2.40-1.1+deb12u2_all.deb ca77894f45d41081edb63f2179dff206f5f40a188fbd35b97b09b75e510c0c4e 445764 gpgv2_2.2.40-1.1+deb12u2_all.deb Files: 196b5980798e6b10e063c0ca08876b77 445764 oldlibs optional gnupg-agent_2.2.40-1.1+deb12u2_all.deb 682face76382dc02912f9fa911c47fa5 1092644 localization optional gnupg-l10n_2.2.40-1.1+deb12u2_all.deb 03bcb873abb6ec9217c3a6e1aa55055f 13203 utils optional gnupg2_2.2.40-1.1+deb12u2_all-buildd.buildinfo 4a1829036f2422c87c7afd822b1541d6 445840 oldlibs optional gnupg2_2.2.40-1.1+deb12u2_all.deb 97c080079eda65688b41ed940a06f4fc 846132 utils optional gnupg_2.2.40-1.1+deb12u2_all.deb 13aa5ea059ea8a8981a2c94c32a89407 1094120 utils optional gpgv-win32_2.2.40-1.1+deb12u2_all.deb 2182c8d5faa13b1b54d8a3f1cb40a644 445764 oldlibs optional gpgv2_2.2.40-1.1+deb12u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEELusn8jY95Sf7obGlx30Wh8LXl/YFAmlYYF0ACgkQx30Wh8LX l/bOyg//YBrIQceIo/yg+63+hb5IexskA9C8w6KZCciKsqG8PJPwMjMyOZLSSQJb HvvTJVPhw7ADKMbMoEedf3/7UJe/KkV2WUMpE5FUFxndylfKg1Pvcu70n1XgOj50 U955pxFfI19ecjjalLs6rZaN0KsqlnQ3DsuFgYRTwBiNU16RCmBqkj/tlHn8WC8Y iImenZFxVU1f6wyJQLes7OsTRdafCnG2dpAST3VPBoD4z9WuFqDDA2etCUMLCRUt aV8qmjGqezPHOT1X7gWng8tzy3kk+1MqzOC/s1aqt+JFbcgAFTGHmjBHO26d4vq6 1LoP8/MXgj7/fQeKXvirp+MFoA4iJX9qhYA+PnWR//GDPBtDsxiQABlRnWyyt4ph Iyg5Nb6vHTE+pqPThjYemBqF2+42F0qeXBdVGvgcoywDzfY5aqtv9pvWXKKLGWoc ayjyf5jpkZG32XFGyrKycXCG381JrbR2xfjFrDiw3wxbCDf8kOsEHtgvo5ZYDAqZ v4DVtp6u5bVxJ7846npWg8OpV981aODa6QcEZg4GbpYEdlrzYcizjvD2Yev+iFHO W5cNkYtVjCWS25H6hpUpV8n1CGS/8K6SgWepaiVShuKRuSF//jGhYIxnkF87/7Mx 6OzC4Pht2OoXOvhZWBQ3IKMfWLxigevQSwoFEsFDYXoMLo6mOwY= =M59F -----END PGP SIGNATURE-----