oss-security - Re: Many vulnerabilities in GnuPG

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <7e2a3dd1-c5ef-467d-be1a-a39c5135d5b6@oracle.com>
Date: Tue, 30 Dec 2025 09:42:14 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com,
        Stephan Verbücheln <stephan@...buecheln.ch>
Subject: Re: Many vulnerabilities in GnuPG

On 12/29/25 01:15, Stephan Verbücheln wrote:
> GnuPG follows a traditional versioning scheme where even numbers (e.g.
> 2.2 and 2.4) are release branches and odd numbers (2.3 and 2.5) are
> developer branches. So what we have to wait for is 2.4.9 fixing the
> vulnerabilities.

Is that still true?

https://gnupg.org/ states:

   Note that the 2.5 series is now declared the stable version of GnuPG.
   Be aware that the oldstable 2.4 series will reach end-of-life in just
   6 months.

-- 
         -Alan Coopersmith-                 alan.coopersmith@...cle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.