Source: gnupg2 Version: 2.4.8-4 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 2.4.7-21 Control: found -1 2.2.40-1.1+deb12u1 Control: found -1 2.2.40-1.1
Hi, The following vulnerability was published for gnupg2. CVE-2025-68973[0]: | In GnuPG through 2.4.8, armor_filter in g10/armor.c has two | increments of an index variable where one is intended, leading to an | out-of-bounds write for crafted input. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-68973 https://www.cve.org/CVERecord?id=CVE-2025-68973 [1] https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9 Regards, Salvatore
