We believe that the bug you reported is fixed in the latest version of
attr, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1141107@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <guillem@debian.org> (supplier of updated attr package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Mon, 29 Jun 2026 23:34:26 +0200
Source: attr
Architecture: source
Version: 1:2.6.0-1
Distribution: unstable
Urgency: medium
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Closes: 1141107
Changes:
attr (1:2.6.0-1) unstable; urgency=medium
.
* New upstream release.
- Refresh local patches.
- Remove upstream patches included in this release.
- Update upstream OpenPGP signing certificates.
- Fix symlink traversal vulnerability [CVE-2026-54371]. Closes: #1141107
* Remove build dependency on debhelper (>= 13.10) implied by
debhelper-compat (= 13) since Debian bookworm.
* Remove build dependencies on automake, autoconf and libtool implied
by debhelper-compat (>= 10) since Debian stretch.
* Switch to Standards-Version 4.7.4 (no changes needed).
* Refactor common synopsis into a source stanza Description field.
* Improve and clarify package descriptions.
* Switch debian/watch URL to use the one not affected by mirroring,
as that has delays of up to a day.
Checksums-Sha1:
dd184d23dc522791cc25c3c13527135f7e3c6192 2616 attr_2.6.0-1.dsc
48c3ec9dc5322bce4cae0719dc4e347cf0d189b3 343608 attr_2.6.0.orig.tar.xz
169065fb78401c173473c3fefe1f61a4259d0b85 862 attr_2.6.0.orig.tar.xz.asc
bb2a023aeb7919f6951a91a7a73d7bc6111228e7 56048 attr_2.6.0-1.debian.tar.xz
2020a1f9cf7150acf643541d15c1f28e6ce4433e 7193 attr_2.6.0-1_amd64.buildinfo
Checksums-Sha256:
201f355d744a87cfba8bbbcac317334ae4546ec53f37df75355fa67bf26e991b 2616 attr_2.6.0-1.dsc
6c8a2148a7b85043b68492bce43316b0e2e214fc4e628c7ede078e76e216330b 343608 attr_2.6.0.orig.tar.xz
2af9e7ab3f24f1b4c0ec753a788c6ba588460d80f1ef852df23e1dfa2575e0ec 862 attr_2.6.0.orig.tar.xz.asc
b2a04e8170dbab934c5d43087deffeaa42168fdf3f31933ac28f62cb7995c6ab 56048 attr_2.6.0-1.debian.tar.xz
ef58f7f21c21663e99d9f2f649a906169cd33721ade4389435692cd274479a9b 7193 attr_2.6.0-1_amd64.buildinfo
Files:
9c060a77520a89c23092296cf89b9a1c 2616 utils optional attr_2.6.0-1.dsc
c0516a99377b4938eeb7fb2699247e82 343608 utils optional attr_2.6.0.orig.tar.xz
17530e1fd23e0bd79aef244566c2df86 862 utils optional attr_2.6.0.orig.tar.xz.asc
0486858de7cc198e89f995ee39edee80 56048 utils optional attr_2.6.0-1.debian.tar.xz
8d56238328605d3fa4aa801599433d60 7193 utils optional attr_2.6.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJqQubTCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmc8z3ctYyM0QoOoF5z0oTWqy17kNadT9+iHBR1GI5nA
ExYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAAALSBAAodB8ZZB2PoIFcw2cVhLKiSvB
oOOk5QAsSoXkVIv7Pm32QrR9rvuvN6CE/NVaKgPozEy8nDw8Urc/D2wpt0k3PpTQ
HAxhORIlgbAdQPEr2SMIjtMqWTX1C0Xknn88TLM2XveB1qvC25wTt9uahlLA55S4
TjrmEcTEMXfOIrzS+DHGVITL9VGmKkbuef2tHHO+fh8XAigZiftnXj6QClaqoCZ6
59zrO0oo/qvLUYN2AOYUHU0XxYPIwRK5YBgFhmHtsE4oJ/wYbCubIp+we+VlE5jP
2IeDc1HVYHZ23ZCyZ3xLbl7Ltov1LE21hMnzCvodwMFagq80lOylr3x2DJb19Gnp
2+z8NUcVnSAYRY9MgF83S1txe5/YsknmH2VK0zCtux+4H2v6Ws4fyenX2M+zRjtM
HUu2itVX7hX67ETRZXJEiAYAo59ssSjFjqYSAsNrbhhRq3J95IYfV1oPfXM8JCFg
OLlIUK9bG6MePKpCrzUPvxA/xm3yrjhfmB6YbV6ngry9bFu/CvykYP/WfTaaEPg8
LASIdAYlLZtYe4fLwvcvzp2HsFb0dlNi00a6J8fZ6hRGeVcUZvZ80d42XIIc0VMI
on5As0atJ0MmP0jZ41Z5eJ1bdQGMrxHF3q6ob1+xnzhXe9S+HA7HVG29rDJsLG4b
O9fKGIxTObyBipPSIWk=
=P7tA
-----END PGP SIGNATURE-----