-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 04 Mar 2026 19:42:01 +0200 Source: busybox Architecture: source Version: 1:1.37.0-10.1 Distribution: unstable Urgency: medium Maintainer: Debian Install System Team <[email protected]> Changed-By: Adrian Bunk <[email protected]> Closes: 1127782 Changes: busybox (1:1.37.0-10.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2026-26157: Incomplete path sanitization in archive extraction utilities * CVE-2026-26158: File modification outside of the intended extraction directory in tar * (Closes: #1127782) Checksums-Sha1: cf3bd6438ab94036abe75dd0eb18435ea1310af9 2289 busybox_1.37.0-10.1.dsc 0a46c8c5a8b2dbcb6ab4eb6dcc216c5b40811dce 71232 busybox_1.37.0-10.1.debian.tar.xz Checksums-Sha256: 693c293dcfc2cfded30adbb1b1527e624f4afbacbfaadc9322d199e4174f06bc 2289 busybox_1.37.0-10.1.dsc 45c11b16e7031eb5ea691944408724084527732bf8e729e79cc74325eccf1e9f 71232 busybox_1.37.0-10.1.debian.tar.xz Files: 63fb165bb8fd1930ed7e99dbce8a901f 2289 utils optional busybox_1.37.0-10.1.dsc 3c610b7f2d812d1d77103961def0f4d2 71232 utils optional busybox_1.37.0-10.1.debian.tar.xz
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmmocYUACgkQiNJCh6LY mLHwcBAAq+rJAn+JbJQRfMhPdsZIz6rE6sv1zKIE+/1kGgOsssqp/iOGa+LYByUz SAL8qAWRfVM3OsDhMwgYXjluHx9sTUYNIq05NvTD24S48EkVbOk/RwLIplzpplcx FID9iNhsJ6ErtTUKq55kV8jcJHWJftl62lLsp6GoBeVrkIPKibhhzCwrNvy75XI8 jJyii7W+cHz/Er4PZBaoXLZPwGbGtnrCYM1g1a94rD2SzFSw2aHUtiJ863awkar6 v5FERnk/9EBJUebQZknd1g5BsZZoMcP0RsK9H1GQtW/gPSaOea3Zu71d166OTa5i 1B0l/I6iMlDXzuwN9PN76oEUtshQQaUPM8zjhePRsCI7nsiS0HIyFVAe7nb3FOzQ c0EJrdak5JzsCGiKcQpQuz+Na3OLYc4FM/JYOyRi3Cdu4bEp5Hb4wVgqZ7Fg4KL+ 5gtzxEsNSa9e97/BiZ26qmYM0mqhzsnEFUqIEddiSKzqyfOn8TCOIKSFA/moR4kA ZzhIS1c/hzel3J0Y2VC2QYRBjnTi63Vq9F7p9vj1pfEdpqJ6EBPMDsDa5AIzTI0+ jOAbl88DzunImCQeEemj8gzxqo/K1ZvqRzlrzz+rwVTkM33MJV0+OzX3kWa+Wqzf LSY9uJmj4iKRNtGOxVT4eTvolYcI1eOpzvM6zw44rzwWWp5wL/I= =sAD4 -----END PGP SIGNATURE-----
pgpGZwuylvsG9.pgp
Description: PGP signature
