Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 01 Jul 2025 01:32:04 +0200
Source: dpkg
Architecture: source
Version: 1.22.21
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guil...@debian.org>
Closes: 1107971 1108192
Changes:
dpkg (1.22.21) unstable; urgency=medium
.
[ Guillem Jover ]
* dpkg-deb: Fix cleanup for control member with restricted directories.
Fixes CVE-2025-6297. Reported by zhutyra on HackerOne.
* Perl modules:
- Dpkg::BuildDriver::DebianRules: Fix uninitialized Perl variables.
Closes: #1107971
- Dpkg::BuildDriver::DebianRules: Fix R³ dpkg/target/<target> values
handling.
- Dpkg::BuildTree: Fix needs_root() for R³ with implementation specific
keywords. See #1107971.
* Code internals:
- libdpkg: Do not segfault when adding triggers in no-act mode.
Closes: #1108192
Checksums-Sha1:
8bb51843dba5e96a10e99aebf3c67809bf19d171 3449 dpkg_1.22.21.dsc
48f64d4a8bdce38239452d9b18b6aeb591537a0d 5743920 dpkg_1.22.21.tar.xz
b08898841bba660800eb2e8d432aa7d527e4fa62 8080 dpkg_1.22.21_amd64.buildinfo
Checksums-Sha256:
912c9d515a372064b019ae59ec343359f473fef982d1a084b4937c83de5dc222 3449
dpkg_1.22.21.dsc
57e6cc8408d8ebe08ef22f72149c2bf6b0f2ad62eea13db88e0b23bfd73303db 5743920
dpkg_1.22.21.tar.xz
0072b85da6319bbb87dd635fd030fbecef980975f623eec3759be833b6adb497 8080
dpkg_1.22.21_amd64.buildinfo
Files:
cd99a91990cc4c0dc4ac829bf480566a 3449 admin required dpkg_1.22.21.dsc
f814e2ca8d2cf2ea75ce780f7c72eb40 5743920 admin required dpkg_1.22.21.tar.xz
41cfb0a11b211a0246aeb987ee5a1548 8080 admin required
dpkg_1.22.21_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJoYyKXCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmcYGj7K0Re+Io3wHzV8KCevV4I4fOpR7MSc5i8QMRQC
ABYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAAArZQ//SIT++hEFhWiaBi+5JYbhkRUT
y6AohIxHjczKwgif/rOVj3PEDYIA/Ri+pFKHlXlq/EwsvsiUQyQJ3WnZi5jZh+0U
0C+/Pu73t7lL0JrJZGkEhQWf7g2j4PyAz432mrqqiUp+pJdOxHXGMHxcYKzyI1fT
jtR1V8j+VQgngTIXZmoFrJ2yARVGBsxDcmHKSU0Yzm046wwwsMtnXP9QfipbZDBd
hEtwlsbHVYTX5jyIi+mFCCeYM9REBTvypjHRgFMdbnRvSLH6QsGJRBkrVulWKttO
HInEo4OSWj3JXTQdzQPmcMWRImUdpsuaA1Nj2bJZLORIaWhVdMt8ixyvCJQ4MnSQ
6OxFX/L4HznRnkWCoy0ibtAkLGYdyfot86KJpVSOQNs7DSIqyLlXJm7BMzkxSKui
qIVdzrwG8dRxx5wIMvgE9gfp8hI1NGvYsDZBVWLFwj4/Gr1MPQydjTsFcyyzGrWd
E0c//h49gdkGVypIZEGiF5MkVvHykcZPMsHlA0YG6H+IfCQS/JY37dhKe92wGnQM
eMeoILkBRHnZGy7th8cbhvwmw21/UiN2hXSuEHieV6frxviCwhEyOFEnzbRuiw/2
8egSmLepfY+msZSx3Qz7/xd71oiYgTJFDE7IoVh+HDwdv5brNMG3+oEVkSp1+W0b
rSZsaG+jpNblJ1hwWpU=
=B4iL
-----END PGP SIGNATURE-----
pgpWWfsgqAZO6.pgp
Description: PGP signature
