[Git][security-tracker-team/security-tracker][master] initial gnupg2 CVE (with more to come)

Sun Dec 28 10:27:30 GMT 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b3241a8 by Moritz Mühlenhoff at 2025-12-28T11:26:48+01:00
initial gnupg2 CVE (with more to come)

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2025-68972 (In GnuPG through 2.4.8, if a signed message has \f at the end of a pla ...)
-	TODO: check
+	- gnupg2 <unfixed>
+	NOTE: https://gpg.fail/formfeed
 CVE-2025-15126 (A weakness has been identified in JeecgBoot up to 3.9.0. Affected by t ...)
 	TODO: check
 CVE-2025-15125 (A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -28,6 +28,8 @@ gimp (jmm)
 --
 git-lfs
 --
+gnupg2
+--
 jackson-core
 --
 libreswan/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b3241a8b75bc304926c40ca3faaf9531023210b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b3241a8b75bc304926c40ca3faaf9531023210b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251228/6833e375/attachment-0001.htm>
