[ubuntu/jammy-security] gnupg2 2.2.27-3ubuntu2.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Apr 3 12:07:12 UTC 2025
gnupg2 (2.2.27-3ubuntu2.3) jammy-security; urgency=medium
* SECURITY UPDATE: verification DoS via crafted subkey data
- debian/patches/CVE-2025-30258-1.patch: lookup key for merging/
inserting only by primary key in g10/getkey.c, g10/import.c,
g10/keydb.h.
- debian/patches/CVE-2025-30258-2.patch: remove a signature check
function wrapper in g10/mainproc.c, g10/packet.h, g10/sig-check.c.
- debian/patches/CVE-2025-30258-3.patch: fix a verification DoS due to
a malicious subkey in the keyring in g10/getkey.c, g10/keydb.h,
g10/mainproc.c, g10/packet.h, g10/sig-check.c, g10/pkclist.c.
- debian/patches/CVE-2025-30258-4.patch: fix regression for the recent
malicious subkey DoS fix in g10/getkey.c, g10/packet.h.
- debian/patches/CVE-2025-30258-5.patch: fix double free of internal
data in g10/sig-check.c.
- CVE-2025-30258
Date: 2025-03-30 14:16:14.275988+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/gnupg2/2.2.27-3ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list