oss-sec mailing list archives

Re: Many vulnerabilities in GnuPG

From: Andreas Metzler <ametzler () bebt de>
Date: Mon, 29 Dec 2025 15:45:15 +0100

Stephan Verbücheln <stephan ()    buecheln ch> wrote:

The RCE bug was actually fixed as they already state in their slides.

https://github.com/gpg/gnupg/commit/ad0c6c33c3d6fe7ff7cc8c2e73d02ead5788e5b3


This commit seems to be related to #3 https://gpg.fail/filename while
the RCE is #5 https://gpg.fail/memcpy aka CVE-2025-68973, isn't it?

cu Andreas

Current thread:

Re: safe use of cleartext signatures?, (continued)
- - - Re: safe use of cleartext signatures? Werner Koch (Dec 31)
    - Re: Many vulnerabilities in GnuPG Lexi Groves (49016) (Dec 29)
    - Re: Many vulnerabilities in GnuPG Henrik Ahlgren (Dec 29)
    - Re: Many vulnerabilities in GnuPG Sam James (Dec 29)
    - Re: Many vulnerabilities in GnuPG Jacob Bachmeyer (Dec 30)
    - Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 30)
    - Re: Many vulnerabilities in GnuPG Sam James (Dec 30)
    - Re: Many vulnerabilities in GnuPG Jeffrey Walton (Dec 30)
  - Re: Many vulnerabilities in GnuPG Sam James (Dec 28)
- Re: Many vulnerabilities in GnuPG Stephan Verbücheln (Dec 28)
  - Re: Many vulnerabilities in GnuPG Andreas Metzler (Dec 29)
  - Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 29)
    - Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 30)
    - Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 30)
    - Re: Many vulnerabilities in GnuPG Henrik Ahlgren (Dec 30)
    - Re: Many vulnerabilities in GnuPG Collin Funk (Dec 30)
    - Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 31)
    - Re: Many vulnerabilities in GnuPG Jacob Bachmeyer (Dec 30)
- Re: Many vulnerabilities in GnuPG Sam James (Dec 28)
  - Re: Many vulnerabilities in GnuPG Jeffrey Walton (Dec 28)
  - Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 28)

(Thread continues...)