oss-sec mailing list archives

GnuPG ticket T7900 (was: Many vulnerabilities in GnuPG)


From: Werner Koch <wk () gnupg org>
Date: Mon, 05 Jan 2026 11:56:22 +0100

Hi!

On Mon, 29 Dec 2025 10:51, Werner Koch said:

https://dev.gnupg.org/T7900 which is the parent ticket for all these

Unfortunately this ticket and some other tickets were only accessible
by registered users or even more restricted.  This is now fixed [1].

FWIW, here is a reply which I posted on Mastodon:

  Actually there is only one major bug (T7906 - armor parser) which was
  fixed early November. T7901 requires a 2nd pre-image attack on SHA1 -
  which does not yet exist.  T7907 (plaintext recovery) is simply
  untrue; see https://dev.gnupg.org/T7907#210501

  BTW, of course we sign our commits and most of us even use hardware
  tokens.


Shalom-Salam,

   Werner


[1] Phabricator has a two-level permission system and in the web
    interface only the first level is easy to see in the overview.  Some
    of us played it safe and restricted at both levels.
-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein

Attachment: openpgp-digital-signature.asc