-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 07 Mar 2026 13:15:41 +0100 Source: dpkg Binary: dpkg dpkg-dbgsym dselect dselect-dbgsym libdpkg-dev Architecture: amd64 Version: 1.21.23 Distribution: bookworm Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Guillem Jover Description: dpkg - Debian package management system dselect - Debian package management front-end libdpkg-dev - Debian package management static library Closes: 1061404 1065575 1070010 1107971 1108192 1129722 Changes: dpkg (1.21.23) bookworm; urgency=medium . [ Guillem Jover ] * dpkg-deb: Fix cleanup for control member with restricted directories. Reported by zhutyra on HackerOne. Fixes CVE-2025-6297. * Perl modules: - Dpkg::BuildDriver::DebianRules: Fix uninitialized Perl variables. Closes: #1107971 - Dpkg::BuildDriver::DebianRules: Fix R³ dpkg/target/ values handling. * Code internals: - libdpkg: Fix varbuf memory leak in pkg_source_version(). - dpkg-deb: Initialize threads_max in no-uniform-compression mode. - libdpkg: Handle tar long GNU names and links not being NUL terminated. Closes: #1061404 - libdpkg: Do not segfault when adding triggers in no-act mode. Closes: #1108192 - libdpkg: Terminate zstd decompression when we have no more data. Reported by Yashashree Gund . Closes: #1129722 Fixes CVE-2026-2219. * Build system: - Build gitlab CI images for bookworm instead of sid. * Localization: - Fix typos in Swedish man pages translations. Closes: #1065575 - Update Swedish translations. Thanks to Peter Krefting . Closes: #1070010 . [ Helge Kreutzmann ] * Localization: - Update German man pages translation. Checksums-Sha1: e7138de554b92caffe6c3bc5d20ec5b3495f7564 1263360 dpkg-dbgsym_1.21.23_amd64.deb 8ea9c72df1f33dd764713a1f06231b2055881119 7729 dpkg_1.21.23_amd64-buildd.buildinfo 578cc2df5b95916a938050a9529f164eb49e5941 1567804 dpkg_1.21.23_amd64.deb b8ab370e1374cc35b725bced09c12316085f8abe 264936 dselect-dbgsym_1.21.23_amd64.deb 76074cc42462f4ab57846af990eb741ec74db535 565612 dselect_1.21.23_amd64.deb 75170913b67f477ec2ebdf8f266ae907923dabec 355660 libdpkg-dev_1.21.23_amd64.deb Checksums-Sha256: 89f7b284c1acfd7feb7036325a754520f4221b870045c052ee7a7de88306212d 1263360 dpkg-dbgsym_1.21.23_amd64.deb 5481fd9eedca3c0a87d84df26fa8c4028412e52c09a3f34159eb2c19885c069c 7729 dpkg_1.21.23_amd64-buildd.buildinfo f89e9f8d1a4a50ade44be3ed59a6ec55460fce205d2f8520c5c492137c5b609b 1567804 dpkg_1.21.23_amd64.deb d085905165e4769d600a2df3376486f8d6b22ad47e0ba0b706cc9a8967727562 264936 dselect-dbgsym_1.21.23_amd64.deb ea081fd49122c91110d850e66da6bcd27029c45f8cd570637dfe9402e548f1cd 565612 dselect_1.21.23_amd64.deb eeb02c94ac697057733b7c54e5b1b93f472f1cb29b1ae943a09d34f71b19c2e1 355660 libdpkg-dev_1.21.23_amd64.deb Files: dc38b1889f0d59d37bcc6a23707d6378 1263360 debug optional dpkg-dbgsym_1.21.23_amd64.deb 32907b249b8f4f73e78bd8c35a4f3f7b 7729 admin required dpkg_1.21.23_amd64-buildd.buildinfo 2858b1c15607a869ed221c922f06740e 1567804 admin required dpkg_1.21.23_amd64.deb a8a0c27a97c5b6b72bb7719832feb497 264936 debug optional dselect-dbgsym_1.21.23_amd64.deb f7118295d93ca702037dac36fe10236d 565612 admin optional dselect_1.21.23_amd64.deb eee27972ed6a7b1cb7044f36e5ef879b 355660 libdevel optional libdpkg-dev_1.21.23_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBDWXQb2umOtH4DRpYg9P9sm2dfEFAmn3xn8ACgkQYg9P9sm2 dfHtwQ/8CeLQjxnmteqGWHBwF2T8g+fCw1TOiBfARQf7hUY1qXxVJRbSN7Jv3zpn us6doOP/cFVlyLRc8Y6r3eUcFqixhY3Rj7+Eqx8Q5ObHR40++DjO044GFm2XrOVV qDjBvmGnz5o2IcuRSyEO1AO/H7KMZyHKbYS4C84/RnMB7l/QfqIBFWXo0Gb2iQ7y XdNY+Tm8ArvymOY6SJRHiAYKrtrhANiQC+w3BcxUIK745ziQ/lCRhQhMUVJqc68B x3xTlZPxBnkP4jw4p+L71kthoH4fp2twitRelYNWydSE46ivBxbRtAx7w8HaK83X 3aP75K/V/qdSSsFz2+UZLPphatl/CsVFLfwScieaE2Fyi31umzL2838WQwcYSjV4 DDQAx8tRCPRcYpgeHGvicHFRWnfNI2ytCN2gbBRNkILnw6vJF+8ceNyfM6HZnItw 4eLSKTNc3qqZrJiSMtW2lDpWvWFYwr8PT7BMd6TpSwCkoRvN/GrU4eEY9b15of+5 LkZWtWApAa8fm/Qpl2lE1oCFVgwWuqOrSD7dQjaiUJmCgLAGsyS9ucErm4ecN6Z2 fs9+KST244ulSMz4W5mb5cSvibK25OmpcYVfrW2EPb2Bd6r+AibRfBpTqAVWvRuv APevDfeCCJ+ClHswI7zWlSMr1MU89I13Iy8fyMbVaEhgEDTpUj8= =m4VS -----END PGP SIGNATURE-----