-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 02 Jun 2026 10:04:31 +0200 Source: p7zip Architecture: source Version: 16.02+really26.01+dfsg-0+deb12u1 Distribution: bookworm Urgency: high Maintainer: Robert Luberda Changed-By: Sylvain Beucler Changes: p7zip (16.02+really26.01+dfsg-0+deb12u1) bookworm; urgency=high . * Non-maintainer upload by the LTS Team. * Bump codebase to 7-Zip (not p7zip) upstream 26.01, fixes: CVE-2026-48092: SquashFS Fragment Offset Overflow CVE-2026-48095: Heap Buffer Write Overflow CVE-2026-48101: UEFI Capsule uninitialized heap memory disclosure CVE-2026-48102: UDF Field OOB Read CVE-2026-48103: WIM SecurityId OOB read CVE-2026-48104: SquashFS BlockToNode uninitialized heap read CVE-2026-48111: UEFI DEPEX OOB Read CVE-2026-48112: Ar SYMDEF OOB Read * Adjust packaging for GitHub-generated upstream tarballs (cleaner permissions, Unix-style newlines). * Sync new patches from forky: - Update 0001-Accept-Debian-build-flags - Reject 0008-Use-Wno-error-array-bounds-option-to-some-specific-f (not needed, no GCC 16) * Selectively import packaging from forky: - Update man page for new "-spo{d|c|r}" option. - Update debian/rules. - Update debian/copyright. * Improve NEWS bit. * Add p7zip compatibility tests. * Improve p7zip version output compatibility. Checksums-Sha1: bb56dac0ccf5f113b30aac4709c3b75a76fb2103 2026 p7zip_16.02+really26.01+dfsg-0+deb12u1.dsc 191ca7bec6a08c4fbfe8deda1dd4649f5e7f6666 1524516 p7zip_16.02+really26.01+dfsg.orig.tar.xz fe8e9501965351ab83decaf76e4bc9d78351d340 22160 p7zip_16.02+really26.01+dfsg-0+deb12u1.debian.tar.xz d9636d3c07fa715b5d6f63a1b8cf444e9a619fb0 6001 p7zip_16.02+really26.01+dfsg-0+deb12u1_source.buildinfo Checksums-Sha256: 8fba2c5bd628127f1ca7d8498c842f5344a2f162de72994120decb98682ffcb2 2026 p7zip_16.02+really26.01+dfsg-0+deb12u1.dsc ae0caa31cd8b95b25ede66e048781a268748f8342fbdf273ba9d91f7b4468022 1524516 p7zip_16.02+really26.01+dfsg.orig.tar.xz 46346771924141806b02a6d5a0579f9b9cbad89940c064c0da9bfac2f7164d9d 22160 p7zip_16.02+really26.01+dfsg-0+deb12u1.debian.tar.xz d9c827f152f730c7cc82f29b2abb9c66757ec95605d00a98cd982977d3ab96a6 6001 p7zip_16.02+really26.01+dfsg-0+deb12u1_source.buildinfo Files: 1e5330c11e09542bc1e17bcad37ee06f 2026 utils optional p7zip_16.02+really26.01+dfsg-0+deb12u1.dsc 13789009d1e63b11606cf5d4004b7577 1524516 utils optional p7zip_16.02+really26.01+dfsg.orig.tar.xz b80fb8036ff64a1b09045f4b69a58340 22160 utils optional p7zip_16.02+really26.01+dfsg-0+deb12u1.debian.tar.xz db32d2de296d1dcb078da3678464b6e2 6001 utils optional p7zip_16.02+really26.01+dfsg-0+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmpFdAMACgkQDTl9HeUl XjBKLRAAwUkXTfWp6QqF0uD1WWU0dxMMYVYBMj5rg/imKuZj/ot5UwdXoQ2fojzH E2vMr8Xefdi8GZP3d5orLEmS2lR7MFxMwpIA6Pq6CZzcEb8VWHQE2ZG6ENBRCdCz zjk6pS33E6oGT6DBTnu2m8hL7qrI8ObkJy1f8WdOJKfVwgaSLq3bvCfsYuPNpxdR A8v3sWCNV7DXghPJ3gMX1bdQDIzru8MA0LV05AvioMvOoFyvbe71u3+OqwGp2DYN mCvLfudpY3pmY2xPgx2Aat5djCPxWgdHaqnjad6JZ5HH/wg6A683II2/nH7wNcVh bpWXOkn9dX5Zpg795qYu84Lh8aQVedgd7lM7h0Ar9OJT5Dja6R0/jkIAYuxZ6tIh JXYdIfevhWXtumYONH6CreaGY1N9fFDabvu5HKoJgP9umEkoPWeYut1sAMYRxZbw 2kUmvUIfm1s0ORnrVKhwlQs7mkEmY8c4PjLHd2ge+iQBm3X2q4aufGUnCL5H+jKe PoB5vN4CCDyHIPl7FLONypHr1vIw/9wPfF0M7ijmAQSBXkTHwyG1PaVR2FStpDFS EGlVAndj77DfIYGu2Z1UQgseKJ+RcvPvAnI04nMdkjEXKAi3iWUgCWSaSymAvAEb feItBHoFWNTdx5xNtn1+EhgCGOwZ4HuOZ5DvIjhQ4fpkfzZlNDA= =OXc6 -----END PGP SIGNATURE-----