Your message dated Sat, 23 May 2026 21:16:08 +0000
with message-id <[email protected]>
and subject line Bug#1137326: fixed in rust-sequoia-openpgp 2.2.0-2
has caused the Debian Bug report #1137326,
regarding rust-sequoia-openpgp: CVE-2026-42783
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1137326: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137326
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rust-sequoia-openpgp
Version: 2.2.0-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for rust-sequoia-openpgp.
CVE-2026-42783[0]:
| openpgp: Reject nested embedded signatures
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-42783
https://www.cve.org/CVERecord?id=CVE-2026-42783
[1]
https://gitlab.com/sequoia-pgp/sequoia/-/commit/23403ff850352b420f19a8fb4724ce35bf963e08
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rust-sequoia-openpgp
Source-Version: 2.2.0-2
Done: Holger Levsen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
rust-sequoia-openpgp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <[email protected]> (supplier of updated rust-sequoia-openpgp
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 23 May 2026 21:57:47 +0200
Source: rust-sequoia-openpgp
Architecture: source
Version: 2.2.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers
<[email protected]>
Changed-By: Holger Levsen <[email protected]>
Closes: 1137326 1137328
Changes:
rust-sequoia-openpgp (2.2.0-2) unstable; urgency=medium
.
* Package sequoia-openpgp 2.2.0 from crates.io using debcargo 2.8.2
* Add 0001-openpgp-Reject-nested-embedded-signatures.patch for
CVE-2026-42783. Closes: #1137326.
* Add 0002-openpgp-Don-t-imply-missing-key-flags-from-key-type.patch for
CVE-2026-42784. Closes: #1137328.
Checksums-Sha1:
abb75141f16edd78fac66f7d21cc1a159fa1775d 3668 rust-sequoia-openpgp_2.2.0-2.dsc
4932c6a76521c2285c5b841cdae385ee9059494e 16436
rust-sequoia-openpgp_2.2.0-2.debian.tar.xz
ce241590080a7986c655d3946fac6c9205dab554 7554
rust-sequoia-openpgp_2.2.0-2_source.buildinfo
Checksums-Sha256:
e674a7454214bc7ed9a25d0f67c7370a14a48675c74fae01267b44589cf002eb 3668
rust-sequoia-openpgp_2.2.0-2.dsc
e2825d5e31cf43e695a7f80fefc67f78dc707224058427350dcd7a523dda6570 16436
rust-sequoia-openpgp_2.2.0-2.debian.tar.xz
b9e49334f73f765d4d2710a086f3af16b22789d8fae2a75b1f1bddc11ad80361 7554
rust-sequoia-openpgp_2.2.0-2_source.buildinfo
Files:
2af2f1a2a418c23c43d99ebd37f307cc 3668 rust optional
rust-sequoia-openpgp_2.2.0-2.dsc
2fd6e8839477ad7d09224e0c9c424bbd 16436 rust optional
rust-sequoia-openpgp_2.2.0-2.debian.tar.xz
3f8a636cda8b8666f59778b825243028 7554 rust optional
rust-sequoia-openpgp_2.2.0-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmoSBsoSHGhvbGdlckBk
ZWJpYW4ub3JnAAoJEAkauFYGmqocSLsQAJq8e5fMBR1WyaMG7NlhS3FO1mWZ1bm2
Ut0CHEJ3TLTqnjPzeX+VnMSpzzmGNXeKygmQOX9qNeeCghho9B+qFbXiSulqvHEr
1tEUp7YjD1wNW9iYWo8pXcA4O3LopLX8efnCPT3vYp/h9aK/0YkxLpc9AG9HjCxS
b3BYbN5GDp0jqNw9Fkty8CvT0tOm7xSXzoQq//p8ybT02avUkdXpaGZnrDKeX843
oIzvTARa0ovxFX3tSfNRW7ZIDWOS30cCVWDM/tayKK4nnM1EJhSMTeT5K9Q0h3pF
54u9gz08I2DXa9HN4xizKdDagDe0aDSduuyUfdcCnC3lw6vOLtsS/TiIiVO/vkSG
cKZk1V0IVl7CVsERTBy9Okdz7ciMlTJWcxdr0ZDtVuluq9LmBMhFeW4RbEQrZdQF
uW+ocO3mefpTI5jh7bpGt9AnYCsGC/OyI2mwnUG/ViGvAGysVmIbzkcpiGkKbm9o
oQwhpxFbtP9eN6MX14hf10a2sOpHcTJKyiHTCfU4q8vlvzl6auVorp/OYxo4gIwV
bUNaV+hjgUMzmAn2nwzWW1DyBo3HrwXxthlL2A8ab8xMWShwOMDOHEdqNJO13rZX
OeWw5mMx4CYTvr6OcZF9875y2ahp//FWOb9/iBw5JM8SNk+IEPj3vOTAE5MZykzm
s2+oWDGbBH66
=fioC
-----END PGP SIGNATURE-----
pgpht9c_hgoPA.pgp
Description: PGP signature
--- End Message ---
