[pkg-gnupg-maint] Bug#1100990: gnupg2: CVE-2025-30258
Andreas Metzler
ametzler at bebt.de
Sat Mar 22 14:15:02 GMT 2025
On 2025-03-21 Moritz Mühlenhoff <jmm at inutil.org> wrote:
[...]
> The following vulnerability was published for gnupg2.
> CVE-2025-30258[0]:
> | In GnuPG before 2.5.5, if a user chooses to import a certificate
> | with certain crafted subkey data that lacks a valid backsig or that
> | has incorrect usage flags, the user loses the ability to verify
> | signatures made from certain other signing keys, aka a "verification
> | DoS."
[...]
At first glance this probably does not warrant a DSA and can be fixed
with a stable update.
cu Andreas