File _patchinfo of Package patchinfo.42184
<patchinfo incident="42184">
  <issue tracker="bnc" id="1256390">VUL-0: gpg2: gpg.fail/notdash: Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG</issue>
  <issue tracker="bnc" id="1256246">VUL-0: gpg2: gpg.fail/sha1: GnuPG may downgrade digest algorithm to SHA1 during key signature checking</issue>
  <issue tracker="bnc" id="1255715">VUL-0: CVE-2025-68973: gpg2: gpg.fail/memcpy: Memory Corruption in ASCII-Armor Parsing</issue>
  <issue tracker="bnc" id="1256244">VUL-0: gpg2: gpg.fail/detached: Error out on unverified output for non-detached signatures</issue>
  <issue tracker="cve" id="2025-68973"/>
  <packager>ayankov</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for gpg2</summary>
  <description>This update for gpg2 fixes the following issues:

- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy) (bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
</description>
</patchinfo>