On Friday, 07 March 2025 15:21:21, Werner Koch via Gnupg-users wrote:
>   * gpg: Fix a verification DoS due to a malicious subkey in the
>     keyring.  [T7527]

Someone assigned a low/medium CVE number for this vulnerability:

  https://nvd.nist.gov/vuln/detail/CVE-2025-30258

As 2.4 stable has gotten the fix, I assume 2.4.7 is vulnerable as well.

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=shortlog;h=refs/heads/STABLE-BRANCH-2-4

What is the timeline for releasing 2.4.8?

Best Regards
Bernhard

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users