-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 13 Jun 2026 10:15:04 -0400 Source: debusine Binary: debusine-client debusine-doc debusine-server debusine-signing debusine-worker python3-debusine python3-debusine-server python3-debusine-signing Architecture: all Version: 0.11.3+deb13u1 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Stefano Rivera Description: debusine-client - Command line client to interact with a debusine server debusine-doc - Documentation for debusine debusine-server - Services to run a debusine server debusine-signing - Signing service for debusine debusine-worker - Standalone daemon handling work requests for a debusine server python3-debusine - Main Python library for debusine python3-debusine-server - Server part of the Python library for debusine python3-debusine-signing - Signing worker part of the Python library for debusine Changes: debusine (0.11.3+deb13u1) trixie; urgency=medium . * Security update for stable: - Enforce permissions on the file body upload endpoint. - CVE-2026-11852: Restrict artifact relation creation and deletion. - Sbuild task: harden against shell injection. - CVE-2026-11853: Reject .dsc/.changes checksum filenames with multiple path components. Checksums-Sha1: c93660d2e1947fbfe400289044c5acedfe68df92 15228 debusine-client_0.11.3+deb13u1_all.deb 628bd14d2b53dc65bd060cdbf3cc016c2f63aefb 680784 debusine-doc_0.11.3+deb13u1_all.deb ef5fd808463fa2f73dcccce1390611bb00499447 22624 debusine-server_0.11.3+deb13u1_all.deb 7c05285b24dd10fff1cbe581581d41fac607fcf9 16820 debusine-signing_0.11.3+deb13u1_all.deb ae0895edb7b14e419ea21b18be123f2ada83778b 21696 debusine-worker_0.11.3+deb13u1_all.deb 4171431db71360f463be948172f137b8676873ab 20119 debusine_0.11.3+deb13u1_all-buildd.buildinfo 25677e20a4f62061a85f6e020368be0dd8f23701 746992 python3-debusine-server_0.11.3+deb13u1_all.deb bcb8d37f2a57237c259d8e88ab916c8428766474 44628 python3-debusine-signing_0.11.3+deb13u1_all.deb 1ec528841d85948c5e5b47611737dc27b8954955 288568 python3-debusine_0.11.3+deb13u1_all.deb Checksums-Sha256: 9f41b3f754ada75566d4bc9c0c4a5fbcf83cd5c35782b17abcb071e3ca055138 15228 debusine-client_0.11.3+deb13u1_all.deb d6e81e0c2c1afb932ba342580731065553529819f3854885364a75fcd08fcf1d 680784 debusine-doc_0.11.3+deb13u1_all.deb 8d7598ff5a4521079867ee1a6c97d19de4440fb8dfbf76551632b47206dbdab2 22624 debusine-server_0.11.3+deb13u1_all.deb e62250fda7523d9638928cf5cc3628533071f88eacbefecc3e1e30314c0a6370 16820 debusine-signing_0.11.3+deb13u1_all.deb 97caabefc31e3d795ec67cf09d126277490bf483d71650ecd28aeb5c1a4c39de 21696 debusine-worker_0.11.3+deb13u1_all.deb 9c772f94fa0a6303fec7a6bb22e26749233ac0363fa1af752e0847bff13aa8b9 20119 debusine_0.11.3+deb13u1_all-buildd.buildinfo a31f2baa4bfaa31aef89310a11821c5e6a01eb4cc25623470fb42fd252e2fe5f 746992 python3-debusine-server_0.11.3+deb13u1_all.deb 6b7d3448be8b444cd96be7003bded123841003e2c31b8b2a66a1d9d8c549104c 44628 python3-debusine-signing_0.11.3+deb13u1_all.deb 614d03f7198e10369533653b7ba7d348ec0d7dd7540427f2c4fe3db01157d4d7 288568 python3-debusine_0.11.3+deb13u1_all.deb Files: 122beddd12897d9989e49fee0b6abcb5 15228 devel optional debusine-client_0.11.3+deb13u1_all.deb 7fe83c5733e5c857b2bad22f29afe9a6 680784 doc optional debusine-doc_0.11.3+deb13u1_all.deb 1f5086464a9a7614167e82ae7427274a 22624 devel optional debusine-server_0.11.3+deb13u1_all.deb 2a2c7610bce51d3620ee7137434cb879 16820 devel optional debusine-signing_0.11.3+deb13u1_all.deb 75708ad91ded8115db89ffb3b09b8538 21696 devel optional debusine-worker_0.11.3+deb13u1_all.deb b45b231ba0bee12e0f75ea70664d7fc5 20119 devel optional debusine_0.11.3+deb13u1_all-buildd.buildinfo 121b62edc86b056a6dbd9e833db319c1 746992 python optional python3-debusine-server_0.11.3+deb13u1_all.deb 12fa1b334296d48af67fee12145f0f0c 44628 python optional python3-debusine-signing_0.11.3+deb13u1_all.deb eb254c00874a07fcf47487ef6647e132 288568 python optional python3-debusine_0.11.3+deb13u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmpEW+YACgkQN8Ugyu9d QiQTQw//ePQr1NHlO3wzU4Sw8EqiD8MsER1rmhb6iElvQ8L452Pxv9KtL0dUAgrf iEOQPSShLSupnzm/KC+EqjPwdW7pUprEYFT6F3YMzek/iK3RxFTDy0UMABfMkR7t 7Ho8btn4pHns8itfzr4+YUhePkTuLzkQFXENJQQjigrvnUjfQJPvFZIcCb/tvXcU PjYsravvMI5j+pNh16U28YSxPBV+D7+yHkA+Szx+9f7fFC1oci9DFb3/xwNqn8pG dPAi3NNPy4fPwc39iGwkfUOq49t4Fdv90Vicq/0JSEPaj6chnkSwtXbdAvCangPd 8bqWQ2OsTQeq8A88bjP3x1e2AhCL3AkVLHYTvGQ4QCeVoJtADmGfQ7gzM/xZLoNG 3mJxGZmFV/f5eZHj2WVYglyMUplk5ppQUw3NHPRaQrJLqrOIWpG/yLsZPQZR2hmo YTm0KrnV+uc9wSfEQaErGMU6zdMkYouMVIxeeFat8kJVYZ7xjIV5C14p5yzg7PdZ FDC7I/yRrKAjtUozlEjHbQ7lxibGzYZ/5TgZHw7qZaQW1w/Bos8PlzSMxqJ2BH34 lQQYzmcGQ6RyUq5+y0P65NTKqlvRekVAlsv54dMXZNs47LpTpj6i4zEkXENvBZYc K7JZv4RebV9gKBAY49/jwvq4j4AToIXANU1u7yjkVDmLlCrrl3A= =1+bM -----END PGP SIGNATURE-----