-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 01 Jan 2026 15:54:00 +0100
Source: gnupg2
Architecture: source
Version: 2.2.40-1.1+deb12u2
Distribution: bookworm
Urgency: high
Maintainer: Debian GnuPG Maintainers
Changed-By: Daniel Kahn Gillmor
Closes: 1124221
Changes:
 gnupg2 (2.2.40-1.1+deb12u2) bookworm; urgency=high
 .
   * Address four issues from https://gpg.fail, including:
     + Fix CVE-2025-68973 (Closes: #1124221)
     + Avoid potential downgrade to SHA1 in 3rd party key signatures.
     + Error out on unverified output for non-detached signatures.
     + Do not use a default when asking for another output filename.
   * d/control: Point Vcs-Git to the correct branch
Checksums-Sha1:
 99676c3caa7a43dd4f1973aee978edab13ad914e 3364 gnupg2_2.2.40-1.1+deb12u2.dsc
 5c3d1476b85b7524d4786bcb0a3d5df4868f182a 67520 gnupg2_2.2.40-1.1+deb12u2.debian.tar.xz
 a9c1e59e539c73ddccc1fa507101d8876cf93e0c 10865 gnupg2_2.2.40-1.1+deb12u2_source.buildinfo
Checksums-Sha256:
 2424239219b00265dd99c5a2c5f9d50f9cafc15f0945946bb16ac1a50ec38310 3364 gnupg2_2.2.40-1.1+deb12u2.dsc
 398ad74f63d81edd9365df97129d05061829599bf50e72824576e1dda23fbe62 67520 gnupg2_2.2.40-1.1+deb12u2.debian.tar.xz
 b9128491f7134c6980c5eae377f09fea64a320feac85499f0c40b79d24679686 10865 gnupg2_2.2.40-1.1+deb12u2_source.buildinfo
Files:
 f0e4aee80f735012d20932fa8a643f4c 3364 utils optional gnupg2_2.2.40-1.1+deb12u2.dsc
 4e8e142aa1cff332485efcf659b3495f 67520 utils optional gnupg2_2.2.40-1.1+deb12u2.debian.tar.xz
 ae362ebc709ca5af08c793a87634ef38 10865 utils optional gnupg2_2.2.40-1.1+deb12u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

wr0EARYKAG8FgmlX+d4JEHgLhU7ZwrSWRxQAAAAAAB4AIHNhbHRAbm90YXRpb25z
LnNlcXVvaWEtcGdwLm9yZxw6bKfLfkgRDrOc4jxYIGsiogA6T2r2mhmtAJ8lPdvK
FiEEY6wRjlsuXWbIioWneAuFTtnCtJYAAIL/AP9VnIse+8u2LGmSp6ZJdIUyTMIp
rlRBuFyLROMjucYlKgD/XSwTfqmRP1tZSIjyr8O2RCanDsKSG29ItOVrLFUIAw0=
=38xQ
-----END PGP SIGNATURE-----