Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <878qemkf9m.fsf@gentoo.org>
Date: Sun, 28 Dec 2025 11:38:29 +0000
From: Sam James <sam@...too.org>
To: oss-security@...ts.openwall.com
Cc: contact@....fail
Subject: Re: Many vulnerabilities in GnuPG

Solar Designer <solar@...nwall.com> writes:

> On Sat, Dec 27, 2025 at 07:29:53PM -0500, Demi Marie Obenour wrote:
>> https://gpg.fail lists many vulnerabilities in GnuPG, one of which
>> allows remote code execution.  All are zero-days to the best of
>> my knowledge.
>
> Thanks.  I wish this were brought in here by the researchers, but since
> it was not and since we require actual content here (not just links),

Indeed. I'll note that several of the vulnerability pages (say
https://gpg.fail/sha1) have:

> Upcoming Timeline:
> [...]
> 21.12.2025: Disclosure of this report on https://seclists.org/fulldisclosure/

But I've not been able to find such a report there either.

Download attachment "signature.asc" of type "application/pgp-signature" (419 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.