oss-sec mailing list archives

Re: Many vulnerabilities in GnuPG


From: Demi Marie Obenour <demiobenour () gmail com>
Date: Sun, 28 Dec 2025 20:59:31 -0500

On 12/28/25 05:00, Sam James wrote:
Demi Marie Obenour <demiobenour () gmail com> writes:

https://gpg.fail lists many vulnerabilities in GnuPG, one of which
allows remote code execution.

All are zero-days to the best of my knowledge.

In 2.5.14:

Fedora isn't running 2.5.14 even in Rawhide.  It's a zero-day for
Fedora users at least.

Upstream GnuPG is increasingly unwilling to collaborate with other
OpenPGP implementations, and distros are having to patch GnuPG just to
restore interoperability.  If possible, it would be best for distros
to either outright fork the project and create a new upstream, or stop
packaging GnuPG entirely in favor of Sequoia's compatibility layer.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature