oss-sec mailing list archives

Re: Many vulnerabilities in GnuPG

From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 30 Dec 2025 09:42:14 -0800

On 12/29/25 01:15, Stephan Verbücheln wrote:

GnuPG follows a traditional versioning scheme where even numbers (e.g.
2.2 and 2.4) are release branches and odd numbers (2.3 and 2.5) are
developer branches. So what we have to wait for is 2.4.9 fixing the
vulnerabilities.


Is that still true?

https://gnupg.org/ states:

  Note that the 2.5 series is now declared the stable version of GnuPG.
  Be aware that the oldstable 2.4 series will reach end-of-life in just
  6 months.

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Current thread:

Re: Many vulnerabilities in GnuPG, (continued)
- - - Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 30)
    - Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 30)
    - Re: Many vulnerabilities in GnuPG Henrik Ahlgren (Dec 30)
    - Re: Many vulnerabilities in GnuPG Collin Funk (Dec 30)
    - Re: Many vulnerabilities in GnuPG Peter Gutmann (Dec 31)
    - Re: Many vulnerabilities in GnuPG Jacob Bachmeyer (Dec 30)
- Re: Many vulnerabilities in GnuPG Sam James (Dec 28)
  - Re: Many vulnerabilities in GnuPG Jeffrey Walton (Dec 28)
  - Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 28)
    - Re: Many vulnerabilities in GnuPG Stephan Verbücheln (Dec 29)
    - Re: Many vulnerabilities in GnuPG Alan Coopersmith (Dec 30)
    - Re: Many vulnerabilities in GnuPG Neal Gompa (Dec 29)