-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Mar 2026 13:15:41 +0100
Source: dpkg
Binary: dpkg-dev libdpkg-perl
Architecture: all
Version: 1.21.23
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
 dpkg-dev   - Debian package development tools
 libdpkg-perl - Dpkg perl modules
Closes: 1061404 1065575 1070010 1107971 1108192 1129722
Changes:
 dpkg (1.21.23) bookworm; urgency=medium
 .
   [ Guillem Jover ]
   * dpkg-deb: Fix cleanup for control member with restricted directories.
     Reported by zhutyra on HackerOne. Fixes CVE-2025-6297.
   * Perl modules:
     - Dpkg::BuildDriver::DebianRules: Fix uninitialized Perl variables.
       Closes: #1107971
     - Dpkg::BuildDriver::DebianRules: Fix R³ dpkg/target/<target> values
       handling.
   * Code internals:
     - libdpkg: Fix varbuf memory leak in pkg_source_version().
     - dpkg-deb: Initialize threads_max in no-uniform-compression mode.
     - libdpkg: Handle tar long GNU names and links not being NUL terminated.
       Closes: #1061404
     - libdpkg: Do not segfault when adding triggers in no-act mode.
       Closes: #1108192
     - libdpkg: Terminate zstd decompression when we have no more data.
       Reported by Yashashree Gund <yash_gund@live.com>. Closes: #1129722
       Fixes CVE-2026-2219.
   * Build system:
     - Build gitlab CI images for bookworm instead of sid.
   * Localization:
     - Fix typos in Swedish man pages translations. Closes: #1065575
     - Update Swedish translations.
       Thanks to Peter Krefting <peter@softwolves.pp.se>. Closes: #1070010
 .
   [ Helge Kreutzmann ]
   * Localization:
     - Update German man pages translation.
Checksums-Sha1:
 17f66f1a9c0b0141c0627e594c162efbada80723 1354256 dpkg-dev_1.21.23_all.deb
 e82b95e956fb39beebf57c5df87be562abc0da35 6957 dpkg_1.21.23_all-buildd.buildinfo
 876e3da3f493ae56c8a052130ba49723fbf9b1f5 603796 libdpkg-perl_1.21.23_all.deb
Checksums-Sha256:
 43547075395dbe9290e6a5f34e9ba93aa5dcf7dfc5698c3d30cc3c85e5f7e3de 1354256 dpkg-dev_1.21.23_all.deb
 11fa95cbb154af88ab308cb9991dde7f55c56713bf6636080788b685673348a7 6957 dpkg_1.21.23_all-buildd.buildinfo
 3f817fd9266ce2638c64b5df77da11f98f5df4f3301e1c04140be16790f72112 603796 libdpkg-perl_1.21.23_all.deb
Files:
 125432cf00a47cf6d86bcb4fc1186361 1354256 utils optional dpkg-dev_1.21.23_all.deb
 9223af6da2ed1502c4947e7e812fee99 6957 admin required dpkg_1.21.23_all-buildd.buildinfo
 615e707a53145cfbd6f0bb8c77ed7f93 603796 perl optional libdpkg-perl_1.21.23_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmn3vqsACgkQmgPNRvTf
/zcQ4Q/8C1+4qfvPMVt/PUgLInIK9Zy5CcUSyjs01XYD6XhDrmGRMoyQo5ZUpaHB
EnHlII4jKWKn5/X0h4NK973CkcuK3MvzRCS4CI3AJo1f2FXYJtzdBJzMFigQzCps
s8Vi95joZoM1DHL0pMKlgiy3lpzMK17oMrO3g/NK/jCIhk9du5/ctL1RWcfVXaQu
xLRcJsAHwC32fZQa9p7fh26Xqin28vYS1FrfXFxyswhBTpXfbz3Su1dIF+NFKjLx
Cpkek546yhn+8aecHbzpx5eovmKx6BZ4DtK34DgpPZGjJeFsBsvIDGOCmGW7t4UO
DeQwqAj+ukmDurc0QBMtCNNgUVXU92hkg9yWrnByWOftFQhrgwS06Zx+KuyCjrUx
kJ5iGetaNujPpp+uSZ0qb6paFL0BC0Tae55aNvSXfPYkyDgajYoM7mdpdks0sBMJ
+kJZ0QCLwZN24eKuwEzLIvSB2SzVsDhoM/d9Ns4hCatLILGqmvdA8kJ2bF64PiLO
u/s0dwyughi5Fk1E5TKRjb8yu4HW72zti4LlgiZCdeEm/U3nZoy+OS++iVxtSJAH
hobXy7vDcc3hxakOcPZ4K8YX3PIcRIqKFHi6ymK64w9+6Wqi7MXeBIh4WOCPtTdn
lIVsPhWqfzdYk0AdkvZm6IQuvLKmGZhbrOcOWoTsSLdmwMAjTD4=
=qJmX
-----END PGP SIGNATURE-----