gnupg: fix CVE-2025-30258 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-07-22 16:16:29 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-07-30 07:47:48 -0700
commit	87e1bc09cabe609981d5ee7ea4919755e2072ad9 (patch)
tree	5458aab689c389ee58dfc9e069e0bb0348b21d65 /documentation/dev-manual/python-development-shell.rst
parent	db3621b9837ae1efe7c30e359e5a64a4ca1cbbd2 (diff)
download	poky-87e1bc09cabe609981d5ee7ea4919755e2072ad9.tar.gz

gnupg: fix CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." CVE-2025-30258-0002 is the dependent commit while rest are CVE fixes. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-30258 Upstream patches: https://dev.gnupg.org/rG25d748c3dfc0102f9e54afea59ff26b3969bd8c1 https://dev.gnupg.org/rG9cd371b12d80cfc5bc85cb6e5f5eebb4decbe94f https://dev.gnupg.org/rGda0164efc7f32013bc24d97b9afa9f8d67c318bb https://dev.gnupg.org/rG1e581619bf5315957f2be06b3b1a7f513304c126 https://dev.gnupg.org/rG4be25979a6b3e2a79d7c9667b07db8b09fb046e9 (From OE-Core rev: 467081219407cd30bcc9e575bedcb127b6bcea65) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'documentation/dev-manual/python-development-shell.rst')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: