[ubuntu/noble-security] gnupg2 2.4.4-2ubuntu17.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Apr 3 12:07:10 UTC 2025
gnupg2 (2.4.4-2ubuntu17.2) noble-security; urgency=medium
* SECURITY UPDATE: verification DoS via crafted subkey data
- debian/patches/CVE-2025-30258-1.patch: lookup key for merging/
inserting only by primary key in g10/getkey.c, g10/import.c,
g10/keydb.h.
- debian/patches/CVE-2025-30258-2.patch: remove a signature check
function wrapper in g10/mainproc.c, g10/packet.h, g10/sig-check.c.
- debian/patches/CVE-2025-30258-3.patch: fix a verification DoS due to
a malicious subkey in the keyring in g10/getkey.c, g10/gpg.h,
g10/keydb.h, g10/mainproc.c, g10/packet.h, g10/sig-check.c.
- debian/patches/CVE-2025-30258-4.patch: fix regression for the recent
malicious subkey DoS fix in g10/getkey.c, g10/packet.h.
- debian/patches/CVE-2025-30258-5.patch: fix double free of internal
data in g10/sig-check.c.
- CVE-2025-30258
Date: 2025-03-30 14:21:26.540219+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/gnupg2/2.4.4-2ubuntu17.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list