-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 01 Jan 2026 15:54:00 +0100 Source: gnupg2 Binary: dirmngr dirmngr-dbgsym gnupg-utils gnupg-utils-dbgsym gpg gpg-agent gpg-agent-dbgsym gpg-dbgsym gpg-wks-client gpg-wks-client-dbgsym gpg-wks-server gpg-wks-server-dbgsym gpgconf gpgconf-dbgsym gpgsm gpgsm-dbgsym gpgv gpgv-dbgsym gpgv-static gpgv-static-dbgsym gpgv-udeb scdaemon scdaemon-dbgsym Architecture: arm64 Version: 2.2.40-1.1+deb12u2 Distribution: bookworm Urgency: high Maintainer: arm Build Daemon (arm-conova-04) Changed-By: Daniel Kahn Gillmor Description: dirmngr - GNU privacy guard - network certificate management service gnupg-utils - GNU privacy guard - utility programs gpg - GNU Privacy Guard -- minimalist public key operations gpg-agent - GNU privacy guard - cryptographic agent gpg-wks-client - GNU privacy guard - Web Key Service client gpg-wks-server - GNU privacy guard - Web Key Service server gpgconf - GNU privacy guard - core configuration utilities gpgsm - GNU privacy guard - S/MIME version gpgv - GNU privacy guard - signature verification tool gpgv-static - minimal signature verification tool (static build) gpgv-udeb - minimal signature verification tool (udeb) scdaemon - GNU privacy guard - smart card support Closes: 1124221 Changes: gnupg2 (2.2.40-1.1+deb12u2) bookworm; urgency=high . * Address four issues from https://gpg.fail, including: + Fix CVE-2025-68973 (Closes: #1124221) + Avoid potential downgrade to SHA1 in 3rd party key signatures. + Error out on unverified output for non-detached signatures. + Do not use a default when asking for another output filename. * d/control: Point Vcs-Git to the correct branch Checksums-Sha1: a577daf7f049e401d3eef4beb58695bd57607f14 980836 dirmngr-dbgsym_2.2.40-1.1+deb12u2_arm64.deb fac57a683a9c73b5fc55af44ad597490f95168d0 769352 dirmngr_2.2.40-1.1+deb12u2_arm64.deb 99217d3e322f74fd0d99d77748b7bb27565fe60e 1611228 gnupg-utils-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 4c8a809997d81241340dcddd5244815f59b791bc 879084 gnupg-utils_2.2.40-1.1+deb12u2_arm64.deb 7e73edb6f987f35aeab8567410170af7c7052b02 16977 gnupg2_2.2.40-1.1+deb12u2_arm64-buildd.buildinfo afc69db86127fb0e495435ec2929ca23456401a4 979316 gpg-agent-dbgsym_2.2.40-1.1+deb12u2_arm64.deb c28c057cc4d337c8a5cda722ee6e2c21046f1654 673096 gpg-agent_2.2.40-1.1+deb12u2_arm64.deb d9756d66d055e83a599a1f87317744e7b2967ba0 1260484 gpg-dbgsym_2.2.40-1.1+deb12u2_arm64.deb c1ca9758c6ceed8409831c9c045e275ce57f6cc2 300392 gpg-wks-client-dbgsym_2.2.40-1.1+deb12u2_arm64.deb a4a7575144fd002e042904f601f445ac368be5a4 532832 gpg-wks-client_2.2.40-1.1+deb12u2_arm64.deb d71982c252b16a4801f0789e2fb892e05a19c46b 274888 gpg-wks-server-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 7de08176d432572469bb021a41f55d60645a8262 525000 gpg-wks-server_2.2.40-1.1+deb12u2_arm64.deb 032316c4aed103cb8e018fb617899ab95494249d 901672 gpg_2.2.40-1.1+deb12u2_arm64.deb 88a1e612b1a16f5a33d6dfc242c490a0def5a1d8 386268 gpgconf-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 6bff36c95861e11a8f739cfb70db92a2bb0e5e33 556776 gpgconf_2.2.40-1.1+deb12u2_arm64.deb e43105df33fb3f7ed09568952435d94136d44b6c 637140 gpgsm-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 629a82e6babf4d43851bcde969e5f5533f3015fa 650204 gpgsm_2.2.40-1.1+deb12u2_arm64.deb 14b3a18e3e16747e60a5e2ec7625ce715d0029b5 600308 gpgv-dbgsym_2.2.40-1.1+deb12u2_arm64.deb d856d5f22ec708602b9dc3ef7e3324f13f224088 655036 gpgv-static-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 5a00b1e73063d6c78bcc28712ddc6d4a41598e32 1336632 gpgv-static_2.2.40-1.1+deb12u2_arm64.deb e846badcf8d4ab22eb09e7763b32987557e9a000 182048 gpgv-udeb_2.2.40-1.1+deb12u2_arm64.udeb 14f6eb8b05a31443295664f91fc80266aee01c65 630324 gpgv_2.2.40-1.1+deb12u2_arm64.deb c8c143bbacd72e1b0d20988fdb0a155b47bbac32 570992 scdaemon-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 12a09a2d76ca3e9743d491fca2ebdd25d91090b9 629920 scdaemon_2.2.40-1.1+deb12u2_arm64.deb Checksums-Sha256: 83ed6b665a2cfaf8d667700f5dc93333b323ad9a9ba329e0a1321029892ea62d 980836 dirmngr-dbgsym_2.2.40-1.1+deb12u2_arm64.deb ccae13a2b931ebc58bc2f194e457ea82ad23ae461c0fb2ec44f076ae16e14e28 769352 dirmngr_2.2.40-1.1+deb12u2_arm64.deb 601cd93c0df91112762a36f82f078fbbcac1a1d2852c8514fc94ec5109111ed2 1611228 gnupg-utils-dbgsym_2.2.40-1.1+deb12u2_arm64.deb a5ee1c5a2854a24b7230cc47ed9cae0354359fe999f26720653fbca5fe41388f 879084 gnupg-utils_2.2.40-1.1+deb12u2_arm64.deb b91d246be1c1715ace2b88bfb773f87b011689c276c93227cd332653b1a04e55 16977 gnupg2_2.2.40-1.1+deb12u2_arm64-buildd.buildinfo 813f262cdfd993ae0367ae1c691661a05311cbcaaede39d58c25127175885f00 979316 gpg-agent-dbgsym_2.2.40-1.1+deb12u2_arm64.deb d25140556e4117b487981eb9a169254190e7cfd11b0651cc8c2a22928284705f 673096 gpg-agent_2.2.40-1.1+deb12u2_arm64.deb ffcd70c7b352eab865fee6c4f31200a173ffed0fe7cd42e4f7142bbfc12a19f7 1260484 gpg-dbgsym_2.2.40-1.1+deb12u2_arm64.deb c18480ef56bfdde49a9331e0f5ca992a6b7f9fef0339f8cf94b16b3444b05cd9 300392 gpg-wks-client-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 7a17100a45c25269092af5c47c361d22bd2c6b9d59b3c4207a5eaabc1b3dfbfd 532832 gpg-wks-client_2.2.40-1.1+deb12u2_arm64.deb 284439d8b8774b686480ac7c15e06c162c14d6362eb9e0f5c43e694b6c6de23e 274888 gpg-wks-server-dbgsym_2.2.40-1.1+deb12u2_arm64.deb d07ef74dcb6bd5cea05832e67dcb5e6a3319268e3ce5598d9e7b952ff35a9a46 525000 gpg-wks-server_2.2.40-1.1+deb12u2_arm64.deb 4ba017857a169efab487e4dd660dacdb4451223fc39a1c5c9046c446cd5702e6 901672 gpg_2.2.40-1.1+deb12u2_arm64.deb f14fbb3cc0366944aa7812ccf6599c801368867b90f9ef53739b7b2e40382314 386268 gpgconf-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 4947c4a2893b61a5433884bb5d0864f07c86cf462cce06c53aae4d262d20ca60 556776 gpgconf_2.2.40-1.1+deb12u2_arm64.deb 562a427c1cf282a028978eee79c9a9fc01343758b98c365135e2e17a7bd70205 637140 gpgsm-dbgsym_2.2.40-1.1+deb12u2_arm64.deb c6ea9c22e34958438d9a19a4c19191d1925904b1340b2a148824c48b606673cf 650204 gpgsm_2.2.40-1.1+deb12u2_arm64.deb 3b0522c45c7fde532bb0cc904c55cf12e8ea87e83412cdf99e55694bef20976f 600308 gpgv-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 9081fe7da54075c2905a4e2d379357cc6a671294598fb566b96be943f0782257 655036 gpgv-static-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 05165f45a5f29594a8bd678aa2fa827fd17305d3f864330f65a5f9832681b9f8 1336632 gpgv-static_2.2.40-1.1+deb12u2_arm64.deb bc16fefabead0ba45f2ac205e434e58cab7bb7c22d60b25c6f923aa35103a3c5 182048 gpgv-udeb_2.2.40-1.1+deb12u2_arm64.udeb 0c47babb0cd4798328300b2d5446848209ef46383ed5eecf551984197e739abe 630324 gpgv_2.2.40-1.1+deb12u2_arm64.deb e87ab97501fab7c0a9c6bbe099fe1a7e7d06e612586c3baee10afc7c40d39a5c 570992 scdaemon-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 775d9c211335115800927c68cb16a6243c6f587afdfac41ab35f2e58a09dea93 629920 scdaemon_2.2.40-1.1+deb12u2_arm64.deb Files: 3c5cc1c7dd883f82676e115c08a7b32d 980836 debug optional dirmngr-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 788a23f281e813aa153362f74d0f4995 769352 utils optional dirmngr_2.2.40-1.1+deb12u2_arm64.deb 6fab6e1fab0ce48f851a466617c30531 1611228 debug optional gnupg-utils-dbgsym_2.2.40-1.1+deb12u2_arm64.deb d2498fa65e3b8c2495087bc96bc036e6 879084 utils optional gnupg-utils_2.2.40-1.1+deb12u2_arm64.deb 77885d8fe274a4250e21c2ff74a5f9ad 16977 utils optional gnupg2_2.2.40-1.1+deb12u2_arm64-buildd.buildinfo 0d5cf7a8c2784c99deccc9f60f42abf5 979316 debug optional gpg-agent-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 7bff52566e238169d13ed9b6e54bfde5 673096 utils optional gpg-agent_2.2.40-1.1+deb12u2_arm64.deb c54d3ef6dcb2dda6458fe806a264f29c 1260484 debug optional gpg-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 7c5d86fc2d37fde0e93aec7a0987645f 300392 debug optional gpg-wks-client-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 10ec740e533c3d9a46ffd8a5bf708095 532832 utils optional gpg-wks-client_2.2.40-1.1+deb12u2_arm64.deb 8e71b53f20d71ddcdfcba646400f542c 274888 debug optional gpg-wks-server-dbgsym_2.2.40-1.1+deb12u2_arm64.deb cd3bb3fe5b088a1c4eb5a1e85fb8b256 525000 utils optional gpg-wks-server_2.2.40-1.1+deb12u2_arm64.deb 54ecc7dcc6b66e45c60ad0ad37199f75 901672 utils optional gpg_2.2.40-1.1+deb12u2_arm64.deb 3941eee0d7b15b08bc67cf92daa17d9a 386268 debug optional gpgconf-dbgsym_2.2.40-1.1+deb12u2_arm64.deb af607c8365923a0160b65a5c0652fcf9 556776 utils optional gpgconf_2.2.40-1.1+deb12u2_arm64.deb cf538a64bfb5ae1198cf2af29da3ebce 637140 debug optional gpgsm-dbgsym_2.2.40-1.1+deb12u2_arm64.deb d8864c312affb84931efb6f9273d5411 650204 utils optional gpgsm_2.2.40-1.1+deb12u2_arm64.deb f7c5c132d8affa44b6688f2038c2b5e5 600308 debug optional gpgv-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 57e8abf5fd6b3f1ec2d7e9295462c182 655036 debug optional gpgv-static-dbgsym_2.2.40-1.1+deb12u2_arm64.deb a2562db1dde2efba59e731f0c30b4de2 1336632 utils optional gpgv-static_2.2.40-1.1+deb12u2_arm64.deb 8a76b0d93f83feb98a73057f5ebb970f 182048 debian-installer optional gpgv-udeb_2.2.40-1.1+deb12u2_arm64.udeb 5dfce99818bfe545c87015ba3aca0a5d 630324 utils important gpgv_2.2.40-1.1+deb12u2_arm64.deb 8bb583e65b325993f83c06f829144c19 570992 debug optional scdaemon-dbgsym_2.2.40-1.1+deb12u2_arm64.deb 0df7768966c88832b34e03697fb0f294 629920 utils optional scdaemon_2.2.40-1.1+deb12u2_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmlYYAgACgkQScpU3dYu lLjFmg//abM0w6xM1Kh21a2MX303p0S6IlQLC1m9VQ8hGArVtmw9UvfiACP2pgJq mKB7m8UOnvVd0pjvSfhCPpRghT60rhlVLg0k2T5lT+K1RdjF3Z2trRnv6LV9Az2S kKeH4TXffFENISssZGYTWCfaa20RxfqU8WxYJVg1MP+tsrmf/gVXcygw9Y1unV18 sJ+1VPvP1V7uA9TZAqLZf/dYMWSb6lXWHS1Z6qFef2E0Jx5OK9bjq+W5i7T5pbu3 /n6e2xTbcI92mZXxIpbZorsUX4IvYQO4MvF4CY4U1/Oc/jWSh9muCKbDj7Xl88VI ABoL24TiujH3bbG6YP2F9cnFcrJMbeWvjeRMbhqdSLxCfLViWcW/XN9maxWJShyM s3r0kBQ26bvlTPaqqkpwrDTKYWoVzjoKe6i4oW1fZSuxLjEP/JbamEjWIo954via dxfqjP5EgT0zf6SmZzzzSiPMXP79p+iAsB26WaIdMRhCPlLSiqGw9S3rgUTQeRE/ 2QsoSv3OUKvAo5aglCd1IkQvj/LDg4papLN/WGuw3H20R+6z4FFRHUPgG9F61pWd lwsbP4NABXeENEZpByn2BSeeU1tjNnEqO5ulPWz8cmxMs2OnWYFWycQNo14CvmQx l8t0sV4962Y+pEs0YhwbZRuRDMmDJT0OHZ8oMUzOD/qCX4HhC4A= =I4uJ -----END PGP SIGNATURE-----