-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 01 Jan 2026 15:54:00 +0100 Source: gnupg2 Binary: dirmngr dirmngr-dbgsym gnupg-utils gnupg-utils-dbgsym gpg gpg-agent gpg-agent-dbgsym gpg-dbgsym gpg-wks-client gpg-wks-client-dbgsym gpg-wks-server gpg-wks-server-dbgsym gpgconf gpgconf-dbgsym gpgsm gpgsm-dbgsym gpgv gpgv-dbgsym gpgv-static gpgv-static-dbgsym gpgv-udeb scdaemon scdaemon-dbgsym Architecture: armel Version: 2.2.40-1.1+deb12u2 Distribution: bookworm Urgency: high Maintainer: arm Build Daemon (arm-ubc-03) Changed-By: Daniel Kahn Gillmor Description: dirmngr - GNU privacy guard - network certificate management service gnupg-utils - GNU privacy guard - utility programs gpg - GNU Privacy Guard -- minimalist public key operations gpg-agent - GNU privacy guard - cryptographic agent gpg-wks-client - GNU privacy guard - Web Key Service client gpg-wks-server - GNU privacy guard - Web Key Service server gpgconf - GNU privacy guard - core configuration utilities gpgsm - GNU privacy guard - S/MIME version gpgv - GNU privacy guard - signature verification tool gpgv-static - minimal signature verification tool (static build) gpgv-udeb - minimal signature verification tool (udeb) scdaemon - GNU privacy guard - smart card support Closes: 1124221 Changes: gnupg2 (2.2.40-1.1+deb12u2) bookworm; urgency=high . * Address four issues from https://gpg.fail, including: + Fix CVE-2025-68973 (Closes: #1124221) + Avoid potential downgrade to SHA1 in 3rd party key signatures. + Error out on unverified output for non-detached signatures. + Do not use a default when asking for another output filename. * d/control: Point Vcs-Git to the correct branch Checksums-Sha1: c7177b59c71435f4aeb0c5443478c305b050dd96 962996 dirmngr-dbgsym_2.2.40-1.1+deb12u2_armel.deb d40839f624ea50ab613ba977f5a7a0f3235b58f7 746748 dirmngr_2.2.40-1.1+deb12u2_armel.deb 84f0b6ec5d24a83924ac2e5983adfdf08dd6dda7 1567224 gnupg-utils-dbgsym_2.2.40-1.1+deb12u2_armel.deb 80f2724e68f341ed02dc6006eb2cf5fc7bb89ae0 843240 gnupg-utils_2.2.40-1.1+deb12u2_armel.deb 8aeb1e369b4a0082f538bed496f6fde4a7a7435d 16795 gnupg2_2.2.40-1.1+deb12u2_armel-buildd.buildinfo 1992c8035668a89da49741bef458ede050624dcf 932160 gpg-agent-dbgsym_2.2.40-1.1+deb12u2_armel.deb b94bfa5ac5d1d5a3a263596d5b558e8214cc2699 647824 gpg-agent_2.2.40-1.1+deb12u2_armel.deb 48be57c4874bca38d728bfe9182154ca8a896b5c 1233340 gpg-dbgsym_2.2.40-1.1+deb12u2_armel.deb f0154d91d462831d649ef282f1be2c70823af487 296828 gpg-wks-client-dbgsym_2.2.40-1.1+deb12u2_armel.deb ad52b40ba6bd392e4491ce424d65493e3ad89270 524028 gpg-wks-client_2.2.40-1.1+deb12u2_armel.deb d0099a1307ed5bd90d2a47cb0c6fb6113892405f 271052 gpg-wks-server-dbgsym_2.2.40-1.1+deb12u2_armel.deb 8530e5f67b865f793ba935b7f955da1f07e49522 517108 gpg-wks-server_2.2.40-1.1+deb12u2_armel.deb a3819e481aa86873d40335439871917d19780098 876216 gpg_2.2.40-1.1+deb12u2_armel.deb ddb99ae034d21f9300df473a1ca2b40877a55b5d 369452 gpgconf-dbgsym_2.2.40-1.1+deb12u2_armel.deb 7cfffdfb6bbf699d86dfed5f6554700b3b2ee0bf 545608 gpgconf_2.2.40-1.1+deb12u2_armel.deb 2624f0d71ce6397632c7c225c834717d57a3440f 626968 gpgsm-dbgsym_2.2.40-1.1+deb12u2_armel.deb 2c24835145be48c9860179c34e2f74baa0935e7d 634384 gpgsm_2.2.40-1.1+deb12u2_armel.deb 1a614d7cd01e4f9a1564c59811b054f2f555e81a 595960 gpgv-dbgsym_2.2.40-1.1+deb12u2_armel.deb 0f0e12be20c185640630e2ba1ed293bf0f260372 654416 gpgv-static-dbgsym_2.2.40-1.1+deb12u2_armel.deb 636b85cb589f1fa40b5105549d5cb34b4d149b82 1278660 gpgv-static_2.2.40-1.1+deb12u2_armel.deb 45decab6f4a6c863a575c2e1d5ef14ec616a5a53 166308 gpgv-udeb_2.2.40-1.1+deb12u2_armel.udeb 94125cb1bf1e2ecdc538bf414230f294d45bd120 613944 gpgv_2.2.40-1.1+deb12u2_armel.deb fa244a3e6b51a007bff0ec6bd19091cf12c7b9f6 551260 scdaemon-dbgsym_2.2.40-1.1+deb12u2_armel.deb d42feb330ab61b9d346c8e0b000fe80f00805870 616264 scdaemon_2.2.40-1.1+deb12u2_armel.deb Checksums-Sha256: 6157c099525e04ea4aa4a0f6e7fbe3c9dc1ede60821eeeba70dfb1bd6a76a94a 962996 dirmngr-dbgsym_2.2.40-1.1+deb12u2_armel.deb cf31a49973b0a6214175c58a09ee20896a5e1bffdad8e04cb161dec2167fcae2 746748 dirmngr_2.2.40-1.1+deb12u2_armel.deb 76dc7156146a9630fefddb363259423350b75dc43fe7835a69fc96c48d407886 1567224 gnupg-utils-dbgsym_2.2.40-1.1+deb12u2_armel.deb 065c04f3a2d1bba605d78a4a0894f84b728772aa9a945ec6dfce0ae0c70f932e 843240 gnupg-utils_2.2.40-1.1+deb12u2_armel.deb 27678f596b4bcf001f842e1421465df69134e5fd2a781f6c8046c8f33d886254 16795 gnupg2_2.2.40-1.1+deb12u2_armel-buildd.buildinfo 83b43980e0bd6fe743694dd3754b0a40b1b0d05c7f59d5398a3cbd77a51b43c1 932160 gpg-agent-dbgsym_2.2.40-1.1+deb12u2_armel.deb c801154eb102f1e37b38125a47993c3fe8168e4262c56956acb206991964c74d 647824 gpg-agent_2.2.40-1.1+deb12u2_armel.deb 991b1cea0fda6384e7eff1d816369a927395fb39380c9fce263abb03b20c75cd 1233340 gpg-dbgsym_2.2.40-1.1+deb12u2_armel.deb ab72b6a4f00b169a72ab0fafdac8308cf0b39cbb5d8e6e8d31eacf21f3b13519 296828 gpg-wks-client-dbgsym_2.2.40-1.1+deb12u2_armel.deb eaff82fb440a39b9f4cfb0d83bc2f98a18493ea1fa072398d807499bf53fa5bc 524028 gpg-wks-client_2.2.40-1.1+deb12u2_armel.deb b732c22ed90bd93ce8b4249996542d094989bc8863f251e57b0bf9dacd0527cb 271052 gpg-wks-server-dbgsym_2.2.40-1.1+deb12u2_armel.deb 155585e96461403d999f0decbb7456156fa23e98dbb6f827ba3f29bf8104a3f8 517108 gpg-wks-server_2.2.40-1.1+deb12u2_armel.deb 1902814ec236f4a572f6b5f83d4269c95d2bbe50dd3004cc3a7f808608945311 876216 gpg_2.2.40-1.1+deb12u2_armel.deb 4d8932bb128cb2354c300c50494e8066058ddd54e3875db82ce03bc1d09a1f96 369452 gpgconf-dbgsym_2.2.40-1.1+deb12u2_armel.deb bb96e3deebaedeee45745c591f2f2edcb7f96d68a03fb6e15a9918d690fce662 545608 gpgconf_2.2.40-1.1+deb12u2_armel.deb 297b5a497268d0210855da5e94b38228303555907052666fe998e8e0922fe24c 626968 gpgsm-dbgsym_2.2.40-1.1+deb12u2_armel.deb ab29087a88b6801dc9032f3d234c602dca9e83acc20e604434ff0879e65c949f 634384 gpgsm_2.2.40-1.1+deb12u2_armel.deb ea7cc20e8535bc19cc7ae00c7ca80a1bc5a7020d9f4833a69f3b85e0f7a6e381 595960 gpgv-dbgsym_2.2.40-1.1+deb12u2_armel.deb 5a971517ece5cc3af0f7530204d02e2601116c2ebcb35a259b98248756ded6b6 654416 gpgv-static-dbgsym_2.2.40-1.1+deb12u2_armel.deb de99ed2b7582b4989ff55737c6289131869c93cde85698a06a6444a8099ecf79 1278660 gpgv-static_2.2.40-1.1+deb12u2_armel.deb ce53385a37422717528c728d5cd46382cde9a3c0f293086e3198f7ece25975af 166308 gpgv-udeb_2.2.40-1.1+deb12u2_armel.udeb 523716e399a7d0030d131b2941b769df01779ac6c324c1d0c35a9d624aa9c3f7 613944 gpgv_2.2.40-1.1+deb12u2_armel.deb b3ad64e5a123112c973d24c08e471af104090b0869d611c9113628657a84f9fc 551260 scdaemon-dbgsym_2.2.40-1.1+deb12u2_armel.deb ff99fc0d30d5a70690ac080ae0b0556aff340ea78eab8d28811e2f93dd3547f7 616264 scdaemon_2.2.40-1.1+deb12u2_armel.deb Files: 8830186c4e4ae253581cbff678dd527b 962996 debug optional dirmngr-dbgsym_2.2.40-1.1+deb12u2_armel.deb 1d47f307f51a2e8a6747b61f857f99fd 746748 utils optional dirmngr_2.2.40-1.1+deb12u2_armel.deb a3ca24ac534679049b13da0e144c0831 1567224 debug optional gnupg-utils-dbgsym_2.2.40-1.1+deb12u2_armel.deb 259f119440bc60e89f1084342371894a 843240 utils optional gnupg-utils_2.2.40-1.1+deb12u2_armel.deb 6a568962cd7bc36847dd46cbdd8840c0 16795 utils optional gnupg2_2.2.40-1.1+deb12u2_armel-buildd.buildinfo 2949fa225e24d5eb3ffd84722177a898 932160 debug optional gpg-agent-dbgsym_2.2.40-1.1+deb12u2_armel.deb e1475e2488fa69a25c1be342831ea9a8 647824 utils optional gpg-agent_2.2.40-1.1+deb12u2_armel.deb 3f0eef1bab4d6aa39ce76f6e1287f9ce 1233340 debug optional gpg-dbgsym_2.2.40-1.1+deb12u2_armel.deb b500b0df30d61a613c8eb303842bbdcb 296828 debug optional gpg-wks-client-dbgsym_2.2.40-1.1+deb12u2_armel.deb c000ed2ad1f442475becac99212757cd 524028 utils optional gpg-wks-client_2.2.40-1.1+deb12u2_armel.deb 1fc2f22b35c9d148ca36ea464810d6bf 271052 debug optional gpg-wks-server-dbgsym_2.2.40-1.1+deb12u2_armel.deb 2b613ee1ba8b9ef7a9018ad988218da0 517108 utils optional gpg-wks-server_2.2.40-1.1+deb12u2_armel.deb 21dc6334cf126da06ac2916ea1d92f70 876216 utils optional gpg_2.2.40-1.1+deb12u2_armel.deb 27ea4c62902cc17a7c52bb42dca65553 369452 debug optional gpgconf-dbgsym_2.2.40-1.1+deb12u2_armel.deb f1bb5a0eb07b2ef65e3be29785c0c92e 545608 utils optional gpgconf_2.2.40-1.1+deb12u2_armel.deb 9965982d46c9e43bfcc0815ea3001542 626968 debug optional gpgsm-dbgsym_2.2.40-1.1+deb12u2_armel.deb 23af8d6e007700fb0bf179f9257c0d3b 634384 utils optional gpgsm_2.2.40-1.1+deb12u2_armel.deb 96a32af9d5f6c5f1bb70b5e861a35031 595960 debug optional gpgv-dbgsym_2.2.40-1.1+deb12u2_armel.deb 10107e39786cb161c684c9c7c4d9a283 654416 debug optional gpgv-static-dbgsym_2.2.40-1.1+deb12u2_armel.deb 9eb07fd41d4b1f5616ad29534ee0e0f1 1278660 utils optional gpgv-static_2.2.40-1.1+deb12u2_armel.deb 8674e942a012a67cae301f472068e38e 166308 debian-installer optional gpgv-udeb_2.2.40-1.1+deb12u2_armel.udeb 9820098fc7774d03e9c658924c835d12 613944 utils important gpgv_2.2.40-1.1+deb12u2_armel.deb 0222c72526a158daafc70b415f01f8f0 551260 debug optional scdaemon-dbgsym_2.2.40-1.1+deb12u2_armel.deb 294aec7ed702686866eb8584787c3a9c 616264 utils optional scdaemon_2.2.40-1.1+deb12u2_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEENsdrABvTD8MQ0UffVza3l394K2AFAmlYYEEACgkQVza3l394 K2BXyA/+IpHfzSQ8w/CmgHksoPSW6TfdVWKdVpcYY8g+w8UrO/5X1Va+kzHO4KwU Iwv5ywvN9UKax9dMtzIuCC86PVkxLnGvSQwqig368eOhn1AnTcrJj+2Wb0+wR4uO ca9goXJkZYqFopsq6mp8YsFecQm0R69b1RMFZJYEHlfHF8jPpv/8Q08MCAzESuK+ ipt3UlmfnpysPPga5Jmf1CX9Q41I+pSB79YPi627RrrHHI/OfmibN1lsCX5doOxL Tliu7qMT2CvI1DY3fQz41rCDIUq6cFdXWfNILwhrjVRG/OHyh5R0B46pkPJb51k6 ubuW8qglUcyFC5D/ufgt9yPfRvhgfrp/80U0VmNNlYSRFMIqIDpVxiSZ6HRPn8fy JKwOp2uXG+Uc3u3GsHlYnffgiF+kPEx7XppJvf3fzXETGYMT2KvFdbQ/ziK3u+e5 vPTf/6hhqHl6gkkQVCHsOoEJKIkpoVaYVOVGLPw4nXOpzatXt9SMc5+8lziTPfyL dTKU1+aHROHqKGxV/ioNeMOrK5deHJvle+M6FktLQe3P2eJXnH/SSp9INXQ3ov1S asufX6JvYz6+HqE7UeiiZtPPaDdaZalwz0fY70hVH3+aNFtqf84bYmHPhvnu4FqO dXlrQ2VOle+M5b+pOC8rCcw2ZJmx+i6smzfl4Ll3l76zcuOGZEw= =rz7C -----END PGP SIGNATURE-----