-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 07 Mar 2026 13:15:41 +0100 Source: dpkg Binary: dpkg dpkg-dbgsym dselect dselect-dbgsym libdpkg-dev Architecture: s390x Version: 1.21.23 Distribution: bookworm Urgency: medium Maintainer: s390x Build Daemon (ziehrer) Changed-By: Guillem Jover Description: dpkg - Debian package management system dselect - Debian package management front-end libdpkg-dev - Debian package management static library Closes: 1061404 1065575 1070010 1107971 1108192 1129722 Changes: dpkg (1.21.23) bookworm; urgency=medium . [ Guillem Jover ] * dpkg-deb: Fix cleanup for control member with restricted directories. Reported by zhutyra on HackerOne. Fixes CVE-2025-6297. * Perl modules: - Dpkg::BuildDriver::DebianRules: Fix uninitialized Perl variables. Closes: #1107971 - Dpkg::BuildDriver::DebianRules: Fix R³ dpkg/target/ values handling. * Code internals: - libdpkg: Fix varbuf memory leak in pkg_source_version(). - dpkg-deb: Initialize threads_max in no-uniform-compression mode. - libdpkg: Handle tar long GNU names and links not being NUL terminated. Closes: #1061404 - libdpkg: Do not segfault when adding triggers in no-act mode. Closes: #1108192 - libdpkg: Terminate zstd decompression when we have no more data. Reported by Yashashree Gund . Closes: #1129722 Fixes CVE-2026-2219. * Build system: - Build gitlab CI images for bookworm instead of sid. * Localization: - Fix typos in Swedish man pages translations. Closes: #1065575 - Update Swedish translations. Thanks to Peter Krefting . Closes: #1070010 . [ Helge Kreutzmann ] * Localization: - Update German man pages translation. Checksums-Sha1: df35772aa56e69765d544270e3f7fcbbab272c64 1102900 dpkg-dbgsym_1.21.23_s390x.deb 475d68aea3cf3702681a6ccd8f37346b8da9ff56 7616 dpkg_1.21.23_s390x-buildd.buildinfo 85060225f170c7c94ce7f4f52eb306234e321f7c 1544648 dpkg_1.21.23_s390x.deb 119d3ba44bcbff66430d59775d4e6426cd6c82f7 259964 dselect-dbgsym_1.21.23_s390x.deb b055cd443cbc58c8e8c05b45ce400db78a8c8ea2 559272 dselect_1.21.23_s390x.deb d81f7a2fd1453001b9970d10a00dc6649bf24202 350356 libdpkg-dev_1.21.23_s390x.deb Checksums-Sha256: 9956d2eb5524675904ec7a0756db0e9581ea0f168ae4eab0150cf54d31e8a3fc 1102900 dpkg-dbgsym_1.21.23_s390x.deb 0f58e9d30f70dab14d7ae814db81273c55ec821f4fe3fb31ab4f7056ed2eb42f 7616 dpkg_1.21.23_s390x-buildd.buildinfo 7c3cce1deaac7b9143632dbd84719a110a178b96322d670498cc59d039b563b2 1544648 dpkg_1.21.23_s390x.deb 1334abe062395fb4a25a0456a3a82a24c4e397ab95749e234b3cb9318bb717d1 259964 dselect-dbgsym_1.21.23_s390x.deb 1c5941b7b0fa26b7eaa0828952ac3eff7c510bc8cb16f9e56f2b1bb9d68fe646 559272 dselect_1.21.23_s390x.deb 4b5172117467a7db9707c446b0788fff2475a98b25a7d992a53135c94814e760 350356 libdpkg-dev_1.21.23_s390x.deb Files: 604c6aa81c55b1c4b4b18341616671a4 1102900 debug optional dpkg-dbgsym_1.21.23_s390x.deb e52389b8e5cf0064a4cddc1f3800748d 7616 admin required dpkg_1.21.23_s390x-buildd.buildinfo 4f5d018d19ed20b34c0a53ef6779e631 1544648 admin required dpkg_1.21.23_s390x.deb 896e091d231bf3d03f8163756b8d4099 259964 debug optional dselect-dbgsym_1.21.23_s390x.deb 3789635ca92038c244d2ba7eefdb9b44 559272 admin optional dselect_1.21.23_s390x.deb a28affbb78c49668136e04a3fc01475d 350356 libdevel optional libdpkg-dev_1.21.23_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEl0BM/nR+Oj597wRWMWUFebkHnoQFAmn3wYoACgkQMWUFebkH noTerw//X0keN40mXs/e6doEJtTvT8+7V5yy30hnNNzoFvvqQvz20et97QoSXCNL K8PMJlQeVVjYA4fzr+zJHb6xw4tE9rlj4rp76ifYEtsAGjLa/xVBvI7VPiHcHDAj ocD9CcT1j0sdU+pMZb4cGhSopouyG8cOgOXb7sOmntrg8wOfsS1cHcW2BFf4Ip6q odyQMOeeN5pj6deK/WgOOaVVJuTWDyypq604+3FHOC1VCLl+GTgUaLx4geCiGqIw g8ZjDi6LHkYAWnAQ4/cdYUgJr2X1W1oDotVLmtk947prk7hEZzvHn0O8OweeTJhL 5V4XC+aZECl8/crTXpnSMYwmp3k3NwuTo5GTp8M3hkwW40kjBzlYb7u5EJHxeXv0 G6kZWyvv5628HbtU1NeEKOeYQL40KaPCiZEfq65fr/FFvVWmummYUe6z2jwKrN55 oyKRzJbiytQp3u74udq5rlr5yo9e3+D2hsBObeGOF39YxWAm9iKWUhyC+5a8eP7b vrrDzYn0PrvfjdYNZym0YOm6GS0CCmAS4SCsSfH6eyrQEQTdUhEWFYJY67Qjih7J OiD3Y4j2dj6WpEiDO+1ktUL2/WuJBvwjr7D2qZcN6XbZR8I5eD2O4MAbkZeg40Sp 7o+lBu1Q62dN3pdCcN+Y3fVI4dziqYxCqTiL0bda01ehVfKrJsU= =j3o+ -----END PGP SIGNATURE-----