-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 29 Mar 2026 04:15:46 +0200
Source: gvfs
Architecture: source
Version: 1.50.3-1+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Henriksson <andreas@fatal.se>
Closes: 1129285 1129286
Changes:
 gvfs (1.50.3-1+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2026-28295 ftp: Use control connection address for PASV data
     (Closes: #1129285)
   * CVE-2026-28296 ftp: Reject paths containing CR/LF characters
     (Closes: #1129286)
   * debian/gbp.conf: Set debian branch to debian/bookworm
Checksums-Sha1:
 d1bc42e9e637f0862dd9c83c3d4541284a3b56df 3539 gvfs_1.50.3-1+deb12u1.dsc
 2c0f69e2a3e689abce296962351d44eac8d16c96 1227548 gvfs_1.50.3.orig.tar.xz
 3f7d8caae7404024572e62f3f8905707b6d50aa7 29256 gvfs_1.50.3-1+deb12u1.debian.tar.xz
 48cad75d7479e61784f8977eaf767691e0e1be69 9395 gvfs_1.50.3-1+deb12u1_source.buildinfo
Checksums-Sha256:
 98303b3fc62f69ea08a38369cc56ace9339c28f056be7ffcfc871965ac0224ae 3539 gvfs_1.50.3-1+deb12u1.dsc
 6897119e97bb16029d2778e1a5a54a6a6592631f8b2f3a2a1dea4ef2b01803fd 1227548 gvfs_1.50.3.orig.tar.xz
 c7a5bf3f286806e5c12f5765e3e4e52cda37ace39806ab59e95a7b3fefc2830a 29256 gvfs_1.50.3-1+deb12u1.debian.tar.xz
 fc98e60461001103c86f7c69a705376d1fde5b62e7a01a56c48b9b96d877ba03 9395 gvfs_1.50.3-1+deb12u1_source.buildinfo
Files:
 8f92f945b4a45fdd2e17d845fd067e8a 3539 gnome optional gvfs_1.50.3-1+deb12u1.dsc
 052ef17215d1ff52640713297d4d4f5e 1227548 gnome optional gvfs_1.50.3.orig.tar.xz
 32adeadb398de73ca939768f45094edb 29256 gnome optional gvfs_1.50.3-1+deb12u1.debian.tar.xz
 117657df7af5f6bb60e27908873c6b03 9395 gnome optional gvfs_1.50.3-1+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAmnLyusACgkQC8R9xk0T
UwYc1g//SLQVulCZtgPPVAUJty6Xx5MFXqbJmQJXVTWc3g7oYDhdv0dhUrhYUpOT
BEVM95WrlYmZPcl/L13OnDrdnG+aAyNc12H2Cp19p8TTnFs0LkGbA5GB0xqHi5LP
HuhU1bnnJYoapA1dgY4DrwUhJNIgq5ZMg8QdZUOTBGeWqdwVfnO9NughNN5DXOfM
d2s2HyL3xf0murevvWiA63gAJqgpS6QMLfXs2+xOFBz8yRIHv4Tf5hD9QkfGkfE+
dWYnoj6jBdYHC/JQHnAgmOL2VLXWTHD0C27dZGuc0qJXHfuq9leB2w5I4qSPYiu2
7ixQUbG+DH8eSpLmPOMrHUv8pYHMC5FFXuMMajgChCIXKjuGYj25VcZasJIdVaWV
73uJoq+paHYvVq5MvUqoVyMprLI269IKrOVkc++l5UArCDEd5kcDjghtvHml4Cul
RuUSV7VprPoLw1NqxqAMWUFOOG39OcV6ANjQ9FqHY/zTXZQkZQ29So2+fLf6cVlj
DBMRY8eD9P/uaZ9QJ/G4OE1olr+IqJ8p7Y8PyQs81OcOFFICNsplkvhiQsFmmNnJ
PKa7RjmEdNu02Qz5o83l8cou9GHDG+eMf/Fn2M+P8EztwTAwdLl95YFGszNc3SMs
laeE5Ygnyfw8rxzCYoxAx+JW/b2u04kn5DUGoHgGkwdVewoZzBQ=
=Y5h/
-----END PGP SIGNATURE-----