Control: tag -1 confirmed

Hi,

d-i ack needed for the udeb but as far as I'm concerned please go ahead.

Thanks,

On Sun, Jul 05, 2026 at 01:28:12PM +0200, Andreas Metzler wrote:
> Package: release.debian.org
> Severity: normal
> Tags: trixie
> X-Debbugs-Cc: [email protected], Salvatore Bonaccorso 
> <[email protected]>, Andreas Metzler <[email protected]>
> Control: affects -1 + src:gnupg2
> User: [email protected]
> Usertags: pu
> 
> Hello,
> 
> I would like to fox the non-DSA CVE-2026-57062 for trixie:
> CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through
> 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is
> supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related
> to CVE-2026-34182.
> 
> This was fixed for sid/forky in 2.4.9-5. The respective patch applies
> unchanged to the trixie version.
> 
> Since gnupg2 builds a udeb I suspect I might be too late for the next
> point release.
> 
> [ Checklist ]
>   [x] *all* changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them
>   [x] attach debdiff against the package in (old)stable
>   [x] the issue is verified as fixed in unstable
> 
> cu Andreas
> -- 
> "You people are noisy," Nia said.
> I made the gesture of agreement.

> diff --git a/debian/changelog b/debian/changelog
> index 786180728..6617da515 100644
> --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,5 +1,14 @@
> +gnupg2 (2.4.7-21+deb13u2) trixie; urgency=medium
> +
> +  * Fix CVE-2026-57062.
> +    CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through
> +    2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is
> +    supposed to be 12 bytes but 4 bytes is accepted.
> +
> + -- Andreas Metzler <[email protected]>  Sun, 05 Jul 2026 13:16:48 +0200
> +
>  gnupg2 (2.4.7-21+deb13u1) trixie; urgency=high
>  
>    * Avoid potential downgrade to SHA1 in 3rd party key signatures.
>      https://gpg.fail/sha1 #12
>      Patch from STABLE-BRANCH-2-4
> diff --git 
> a/debian/patches/from-master/0004-gpgsm-Require-a-minimum-tag-length-for-GCM-decryptio.patch
>  
> b/debian/patches/from-master/0004-gpgsm-Require-a-minimum-tag-length-for-GCM-decryptio.patch
> new file mode 100644
> index 000000000..be629b0ee
> --- /dev/null
> +++ 
> b/debian/patches/from-master/0004-gpgsm-Require-a-minimum-tag-length-for-GCM-decryptio.patch
> @@ -0,0 +1,45 @@
> +From 4c7e68cf3d335328821bdbb70db309a60d0e4fd4 Mon Sep 17 00:00:00 2001
> +From: Werner Koch <[email protected]>
> +Date: Thu, 18 Jun 2026 10:51:34 +0200
> +Subject: [PATCH] gpgsm: Require a minimum tag length for GCM decryption.
> +
> +* sm/decrypt.c (gpgsm_decrypt): Require a minimum authtaglen.
> +--
> +
> +Reported-by: Thai Duong <[email protected]>
> +CVE-id: CVE-2026-57062
> +---
> + sm/decrypt.c | 9 ++++++++-
> + 1 file changed, 8 insertions(+), 1 deletion(-)
> +
> +diff --git a/sm/decrypt.c b/sm/decrypt.c
> +index 20fb96060..92a33c6e6 100644
> +--- a/sm/decrypt.c
> ++++ b/sm/decrypt.c
> +@@ -1443,15 +1443,22 @@ gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, 
> estream_t out_fp)
> +               if (rc)
> +                 {
> +                   log_error ("error getting authtag: %s\n", gpg_strerror 
> (rc));
> +                   goto leave;
> +                 }
> +               if (DBG_CRYPTO)
> +                 log_printhex (authtag, authtaglen, "Authtag ...:");
> +-              rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen);
> ++              if (authtaglen < 12)
> ++                {
> ++                  log_info ("authentication tag is too short (%zu 
> octets)\n",
> ++                            authtaglen);
> ++                  rc = gpg_error (GPG_ERR_CHECKSUM);
> ++                }
> ++              else
> ++                rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen);
> +               xfree (authtag);
> +               if (rc)
> +                 log_error ("data is not authentic: %s\n", gpg_strerror 
> (rc));
> +               goto leave;
> +             }
> +         }
> +     }
> +-- 
> +2.53.0
> +
> diff --git a/debian/patches/series b/debian/patches/series
> index 3b42e1375..501b4657b 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -34,10 +34,11 @@ 
> from-master/gpg-agent-idling/0005-agent-Better-interaction-between-main-loop-and
>  
> from-master/gpg-agent-idling/0006-agent-Introduce-management-of-timer-to-expire-cache-.patch
>  from-master/gpg-agent-idling/0007-agent-Fix-the-previous-commit.patch
>  from-master/gpg-agent-idling/0008-agent-Fix-timer-list-management.patch
>  from-master/gpg-agent-idling/0009-agent-Fix-sock_inotify_fd-handling.patch
>  
> from-master/gpg-agent-idling/0010-agent-Fix-timer-round-up-check-when-inserting-an-ent.patch
> +from-master/0004-gpgsm-Require-a-minimum-tag-length-for-GCM-decryptio.patch
>  Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
>  debian-packaging/Build-regexp-against-debian-s-unicode-data-package.patch
>  
> debian-packaging/Always-build-common-status-codes.h-and-common-audit-event.patch
>  do-not-install-gnutls.7.html.to.mandir.diff
>  gpg-agent.socket-Set-GPG_AGENT_INFO-in-systemd-for-g.patch




-- 
Jonathan Wiltshire                                      [email protected]
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Reply via email to