-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 09 Feb 2024 12:22:37 -0800
Source: diffoscope
Built-For-Profiles: nocheck
Architecture: source
Version: 256
Distribution: unstable
Urgency: high
Maintainer: Reproducible builds folks 
<reproducible-bui...@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Changes:
 diffoscope (256) unstable; urgency=high
 .
   * Use a determistic name when extracting content from GPG artifacts instead
     of trusting the value of gpg's --use-embedded-filenames. This prevents a
     potential information disclosure vulnerability that could have been
     exploited by providing a specially-crafted GPG file with an embedded
     filename of, say, "../../.ssh/id_rsa". Many thanks to Daniel Kahn Gillmor
     <d...@debian.org> for reporting this issue and providing feedback.
     (Closes: reproducible-builds/diffoscope#361)
   * Temporarily fix support for Python 3.11.8 re. a potential regression
     with the handling of ZIP files. (See reproducible-builds/diffoscope#362)
Checksums-Sha1:
 4b1e814d39bb41bca62b1b4a21e2fddff7ae73f6 5179 diffoscope_256.dsc
 550f068feeed5b9daaf90f5d205d7a0af314c015 2451936 diffoscope_256.tar.xz
 d6c50efd148b08264c6acb8cbd1026c270250555 7502 diffoscope_256_amd64.buildinfo
Checksums-Sha256:
 039563f19ebc3b97ecab902555dd424cf135fb8ea50ff087539f6f64c2bf6e96 5179 
diffoscope_256.dsc
 59d59659979ab62f875e9b7d2ca3fc39540d70238421780310a58b1296bad541 2451936 
diffoscope_256.tar.xz
 db85072b75f1dc70ce98fcef23396d75bd68dfac87c0b26043117e96bc0c8f08 7502 
diffoscope_256_amd64.buildinfo
Files:
 02c33595d6b364ff2eab584ced015b73 5179 devel optional diffoscope_256.dsc
 b7b94774b1ed5f92621f8087ea29fb7d 2451936 devel optional diffoscope_256.tar.xz
 5564240f26c22b5d714bb21cd125f3b0 7502 devel optional 
diffoscope_256_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmXGikgACgkQHpU+J9Qx
Hliz0A//VeWk1DzrzQoJUAUDe8URnUzg6ciyi5ng6q7yhlI9yXjPnl/svu0TOxQh
qCA9rqBQ+KBD6O6FV8kfXfpx/3S3zg6zDa1oyIUWEnEtn5oN4z9+iL6MMJ8DzCKz
D2GSxdtYsSOK3bmB5PRAIZcPlbgobBMqppVW5ZOAyFxT2F66wyw91p7vpB4oNfSv
qUmYh0bn5BAobHjpVQ0MEjrGytHbgPWrFX3V7cEqV4q4/CT38YG7ColDfF7XdNoS
aZOe9fwdCzlZ+3VS0Ja9NTKBIUB97unlkO7jUk+cNud0ZT9hvxCfD4Ka5yU7NLM8
pRB+f2+ACQmgUXQTo4lKL3Nfcs8KSfSmr9D7P10csX+39xqSEnNyRRFB5JLmVgRa
ab7t4naMUg1Na20Ieq5AvFkrymq+qz2/JZM/bLEDhbZxMls6XzLd0kuo9XRZickP
OoWaR7z1Om2R/gkjJtzcSiYcqJsWBQOtqgCQFvafrpy8k7bmD+g2kSvVLsz2I8Qo
bUAs+npJKICpLFBNAjK0MdSkM+sAzIeDCZLe4uYgg7FgrGZdm6EWEvJwQsvkPnvR
57DuZw6xCci9EP45nhfbuq93nn3AnV9OmIvKVGiSDjPoL4qer8jC7Nn62UetirU0
Q9IVseE0qsNzzsVwlaw8ysTyViLX2kyJk0kfxnr+VhhobckiLPs=
=hGZ8
-----END PGP SIGNATURE-----

Reply via email to