Your message dated Tue, 02 Jun 2026 20:35:19 +0000
with message-id <[email protected]>
and subject line Bug#1121251: fixed in cosign 3.0.6-1
has caused the Debian Bug report #1121251,
regarding please package cosign 3.x
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1121251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121251
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cosign
Version: 2.5.0-2
It would be nice to get cosign 3.x into Debian. I'm opening this bug to
have a tracker bug for this effort, to reference the other bugs that
block this from happening.
/Simon
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: cosign
Source-Version: 3.0.6-1
Done: Simon Josefsson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cosign, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Josefsson <[email protected]> (supplier of updated cosign package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 02 Jun 2026 21:11:56 +0200
Source: cosign
Architecture: source
Version: 3.0.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Simon Josefsson <[email protected]>
Closes: 1121251 1128652 1133005
Changes:
cosign (3.0.6-1) unstable; urgency=medium
.
* Upload to unstable
* Use gbp debian-branch debian/latest
* Breaks gittuf<=0.13.1
.
cosign (3.0.6-1~exp0) experimental; urgency=medium
.
* New upstream version
- Fixes CVE-2026-39395 (Closes: #1133005)
* Standards-Version: 4.7.4
* Bump Breaks for v3 transition
* Bump upstream copyright years
* Improve lrc.config
.
cosign (3.0.5-1~exp0) experimental; urgency=medium
.
* New upstream (Closes: #1121251)
- Fix CVE-2026-24122 (Closes: #1128652)
* Make d/watch look for non-v2
* Use gbp debian-branch debian/experimental
* Refresh patches
Checksums-Sha1:
1f9cabefee74c2c2b2efc1e18216f1f9496750be 4116 cosign_3.0.6-1.dsc
22937a885bf6dc9d320a6ac49acbdbae55e4bcf1 5236 cosign_3.0.6-1.debian.tar.xz
8761b323287e04c9385079e0dba061f15ad2157a 2286600 cosign_3.0.6-1.git.tar.xz
386c35fbd5a3f46aff7744e8159a294d309a2ab2 17481 cosign_3.0.6-1_source.buildinfo
Checksums-Sha256:
6875a6c65d7e33c0d902aced501c5322fdd2b5d4ae28c34a4ac3f23bf1291aa1 4116
cosign_3.0.6-1.dsc
c8992eb1d761aa90bcb0e1798cd5fe28e2aa8f88caa9ebd967875054de63682d 5236
cosign_3.0.6-1.debian.tar.xz
16510bdf8d04e2628f2a45ccdfbbf049b3c4477baf9ba1c22c37dd81bf44db0d 2286600
cosign_3.0.6-1.git.tar.xz
47e7c4ca6b9dcf79b8eec2492f3949743aef247fbff023b2f79c30e82587e2bc 17481
cosign_3.0.6-1_source.buildinfo
Files:
5098bf06eb0aee54eab79c1124498e3b 4116 golang optional cosign_3.0.6-1.dsc
b549f9c248f1b203322fd6c8346acb32 5236 golang optional
cosign_3.0.6-1.debian.tar.xz
a39ea176dbd917f8c5494a5be2ec0e76 2286600 golang None cosign_3.0.6-1.git.tar.xz
b3a9d62c3037044b0a8839fb30f223ae 17481 golang optional
cosign_3.0.6-1_source.buildinfo
Git-Tag-Info: tag=3d31f47751c79e24ea76effe6dbe0c49261f32a4
fp=a3cc9c870b9d310abad4cf2f51722b08fe4745a2
Git-Tag-Tagger: Simon Josefsson <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmofMxAACgkQYG0ITkaD
wHlM6w/+JIi5egP2P9WFFVqzSan4vpDznDXHnkobAtv+u8F3xH6rL9U7vZhVR06H
NHjuI1Vs0L8VcouD+cRO12pfj7QBeai0TzjMvmd47o8BlwdlOVMNSp9KhGM95J1L
ddQYs5Xv71SgxNhQcQpwc0wuiqB/6wTl24BlEpOTv1ZIRZQEEFNrPK/YJFArwAwo
L0rDz4rTWoVtK5c6DLgIqirsxD2xkELEihuctB+gsEgnRBZ/CtW4RrPmYRMZEw6t
eRFzF+e21oBfBEovy/RQVKzLcXXsP/apQDe18A0oqGsVzzCXmiu9zOdat0BZJICv
3GNfEw+8zyLwhoVTlKg/jXgFN8nMUuKWlds3f8pPRRkxWzjzs8W+coXh1dBgffJf
3G+W14j83z71RfiKMXQVVzJcCc2VsO7+m43GzSZyWBP4Zth6vEX734/3YR1uS5Y2
GLK4cYEROD/pwYNDTY0E0wxe+ZdEF0B72bGOgPY5Lw5aAE2m+22Wg0vLAG0E5D6S
5bdu1MywA3BWR2FMGyNeGnviid8coN5Q/owhJY25LhMzq4i+nHXIppQiZ347fr52
bKHiHa7G+w681q+fl9Go16yZjQ7ylLtuF5TkZQEqX3TS7wwzWpBmnyIxzmAUO9I+
FNDRFEGlTx4cQccrmad6sjO1rc/uLCgjMXzvGdUbYVTVRW4Oi9g=
=jKWO
-----END PGP SIGNATURE-----
pgpbzJfxf1yVU.pgp
Description: PGP signature
--- End Message ---
