-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Jun 2026 10:15:04 -0400
Source: debusine
Architecture: source
Version: 0.11.3+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Raphaël Hertzog <raphael@freexian.com>
Changed-By: Stefano Rivera <stefanor@debian.org>
Changes:
 debusine (0.11.3+deb13u1) trixie; urgency=medium
 .
   * Security update for stable:
     - Enforce permissions on the file body upload endpoint.
     - CVE-2026-11852: Restrict artifact relation creation and deletion.
     - Sbuild task: harden against shell injection.
     - CVE-2026-11853: Reject .dsc/.changes checksum filenames with multiple
       path components.
Checksums-Sha1:
 3c21d91a8aee3758767b5a42e02a2cbe66c6219b 4813 debusine_0.11.3+deb13u1.dsc
 40bb3a789ec622c012a4f81f519b51a2f7485001 1298460 debusine_0.11.3+deb13u1.tar.xz
 424a5e48eb0ada9b87e89973a5f40c939409bc12 2710476 debusine_0.11.3+deb13u1.git.tar.xz
 46a9dcd1a3e1bdacff9347ae9eb98da83ec6f6f1 17520 debusine_0.11.3+deb13u1_source.buildinfo
Checksums-Sha256:
 2d2e20430a771980a134cfc632240914f59996954e76268da41ffea8e57f6431 4813 debusine_0.11.3+deb13u1.dsc
 61da98bf19778f241faf9428bb577057d8eba240775467cebc4653d50dc8bc25 1298460 debusine_0.11.3+deb13u1.tar.xz
 0243ce2a5adb130207ea57a1d5dc5beaa89f72870de7c95c34249ecdd302766a 2710476 debusine_0.11.3+deb13u1.git.tar.xz
 1a5a28abd07f64a07820f6508cb3c1607a163db4925edb3b6408805d0a460c3b 17520 debusine_0.11.3+deb13u1_source.buildinfo
Files:
 5c20ef114264bef19f30f108776ad6d9 4813 devel optional debusine_0.11.3+deb13u1.dsc
 627e318b1ebe9f45519cccea8294ea07 1298460 devel optional debusine_0.11.3+deb13u1.tar.xz
 06566559b0ab0b886e29f685fb3cb929 2710476 devel optional debusine_0.11.3+deb13u1.git.tar.xz
 fbee272ffa4a1ae54406326d1789ee17 17520 devel optional debusine_0.11.3+deb13u1_source.buildinfo
Git-Tag-Info: tag=cf9f28d4b9e6c8cd1fcecc7a98a0b81fe8983cd4 fp=ee9ad6f90520fa11f69f4824477b0db0263a54d8
Git-Tag-Tagger: Stefano Rivera <stefano@freexian.com>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmotZkQACgkQYG0ITkaD
wHlOSg/9GW43tSDPnABFDL+mKLOG+9ExjY0Z4bGJTdBm2kts2cnOJ7RdC+B1Zsvt
sQV3dp4lk675XeVf3rQiI8VYlWDj593y0P1rRwc6NdzTYnQxfx086y0FWlEtsyQX
yxpBMj3GXMFewi4tClUCTypMd31QYtCBRobfWPqTk+g12CfPUtPeu0ch3zz/KodS
8DLS8QpSUcb2sIo8psgwsCthiC811VXo6J8c6CV8nFV+5BxVIOs1p78O4Jzz3YGf
cZpDELxKsPPE83S0uw08umCo9h90VoqCT7OoCpaNfNRGC7q/IPi+iZfP2yObqRbp
T/o53tVw+qaf5JSfCNsjvF1UahW8Tdk/fNNQDtgczP4Ruo5WH8nIRWX8x9s1PtJG
cV7sA59qqHAA9e1FEe7dIIg8wKRWmIp0kVCTAurPPlsLKH1xxTyyghH/0IEoFXd/
yTB8ZHUTWPW6G1eG1dICt0NWIqvOZ/eBgsP6FJ8QcO2eEsK266PHkqB+kjEU6NV4
bephEB5W0tWRczL4KCMpPeGfPsyqyEMqSeyzRQ/qP29RO3/3blBxBq6DVaUxJkEA
N85TZwLvsyT4KyJuPfMFA5vpi3UEZb3+EecXGzV/lHZuGBcCBpoKjbgnpalFS8eQ
pkMihwi5rf4379k0F1scrOeZxt2TsfgFzAfNNSemwxeFiohoahI=
=gCCp
-----END PGP SIGNATURE-----
