UbuntuUpdates.org

Package "gpgv2"

Name: gpgv2

Description:

GNU privacy guard - signature verification tool (dummy transitional package)
Latest version: 2.2.19-3ubuntu2.5
Release: focal (20.04)
Level: updates
Repository: universe
Head package: gnupg2
Homepage: https://www.gnupg.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "gpgv2"

All arch deb package
APT INSTALL

Other versions of "gpgv2" in Focal

Repository Area Version
base universe 2.2.19-3ubuntu2
security universe 2.2.19-3ubuntu2.5

Changelog

Version: 2.2.19-3ubuntu2.5 2025-07-07 21:07:05 UTC

  gnupg2 (2.2.19-3ubuntu2.5) focal-security; urgency=medium

  * debian/patches/fix-key-validity-regression-due-to-CVE-2025-
    30258.patch:
    - Fix a key validity regression following patches for CVE-2025-30258,
      causing trusted "certify-only" primary keys to be ignored when checking
      signature on user IDs and computing key validity. This regression makes
      imported keys signed by a trusted "certify-only" key have an unknown
      validity (LP: #2114775).

 -- dcpi <dcpi@u22vm> Thu, 26 Jun 2025 16:57:26 +0000
Source diff to previous version
2114775 Key validity not computed when key is certified by a trusted \
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect us

Version: 2.2.19-3ubuntu2.4 2025-04-03 18:07:05 UTC

  gnupg2 (2.2.19-3ubuntu2.4) focal-security; urgency=medium

  * SECURITY UPDATE: verification DoS via crafted subkey data
    - debian/patches/CVE-2025-30258-1.patch: lookup key for merging/
      inserting only by primary key in g10/getkey.c, g10/import.c,
      g10/keydb.h.
    - debian/patches/CVE-2025-30258-2.patch: remove a signature check
      function wrapper in g10/mainproc.c, g10/packet.h, g10/sig-check.c.
    - debian/patches/CVE-2025-30258-3.patch: fix a verification DoS due to
      a malicious subkey in the keyring in g10/getkey.c, g10/keydb.h,
      g10/mainproc.c, g10/packet.h, g10/sig-check.c, g10/pkclist.c.
    - debian/patches/CVE-2025-30258-4.patch: fix regression for the recent
      malicious subkey DoS fix in g10/getkey.c, g10/packet.h.
    - debian/patches/CVE-2025-30258-5.patch: fix double free of internal
      data in g10/sig-check.c.
    - CVE-2025-30258

 -- Marc Deslauriers <email address hidden> Sat, 29 Mar 2025 12:35:54 -0400
Source diff to previous version
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect us

Version: 2.2.19-3ubuntu2.2 2022-07-05 21:46:12 UTC

  gnupg2 (2.2.19-3ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: signature forgery via injection into the status line
    - debian/patches/CVE-2022-34903.patch: Fix garbled status messages in
      NOTATION_DATA in g10/cpr.c.
    - CVE-2022-34903

 -- Marc Deslauriers <email address hidden> Mon, 04 Jul 2022 12:20:36 -0400
Source diff to previous version
CVE-2022-34903 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g.

Version: 2.2.19-3ubuntu2.1 2021-02-15 11:06:23 UTC

  gnupg2 (2.2.19-3ubuntu2.1) focal; urgency=medium

  * d/p/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch:
    - Fix IPv6 connectivity for dirmngr (LP: #1910432)

 -- Heitor Alves de Siqueira <email address hidden> Wed, 06 Jan 2021 18:10:35 +0000
1910432 dirmngr doesn't work with kernel parameter ipv6.disable=1


About   -   Send Feedback to @ubuntu_updates