Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected], [email protected] Control: affects -1 + src:gnupg2 User: [email protected] Usertags: pu
Good morning, we would like to fix CVE-2025-68973 and three other issues from gnupg(dot)fail in the January stable (and oldstable) update. Quoting Salvatore Bonaccorso in https://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/2025-December/010435.html | Anyway, Moritz and I were today bit discussing anyway the gnupg2 | status and came back to the comment from Moritz about the point | release. Given gnupg2 is so crucial in various ways within Debian and | the point releases in 1.5 weeks ahead, we wanted to come back to | suggest to make the point release updates with the key benefit to have | gnupg2 exposed in public via the proposed updates suites as soon | accepted. | | Would you agree on this approach? The stable release managers private | alias is CC'ed here so they are aware of this suggestion. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable cu Andreas PS: second try, 1st one was blocked because gnupg(dot)fail is in spamhaus. -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
gnupg2_2.4.7-21+deb13u1.deb.diff.gz
Description: application/gzip
signature.asc
Description: PGP signature
