Overview

File _patchinfo of Package patchinfo.42517

<patchinfo incident="42517">
  <issue tracker="bnc" id="1256244">VUL-0: gpg2: gpg.fail/detached: Error out on unverified output for non-detached signatures</issue>
  <issue tracker="bnc" id="1256390">VUL-0: gpg2: gpg.fail/notdash: Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG</issue>
  <issue tracker="bnc" id="1255715">VUL-0: CVE-2025-68973: gpg2: gpg.fail/memcpy: Memory Corruption in ASCII-Armor Parsing</issue>
  <issue tracker="bnc" id="1256389">VUL-0: gpg2: gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field</issue>
  <issue tracker="cve" id="2025-68973"/>
  <packager>ayankov</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gpg2</summary>
  <description>This update for gpg2 fixes the following issues:

- CVE-2025-68973: Fixed possile memory corruption in the armor 
  parser [T7906] (bsc#1255715)
- Fixed GnuPG Accepting Path Separators and Path Traversals 
  in Literal Data (bsc#1256389)
- Fixed Cleartext Signature Forgery in the NotDashEscaped header 
  implementation in GnuPG (bsc#1256390)
- Fixed error out on unverified output for non-detached 
  signatures [T7903] (bsc#1256244)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places