Package: gpg
Version: 2.2.46-4
Severity: serious
Control: notfound -1 2.2.46-3
Control: affects -1 + libgnupg-interface-perl
Control: forwarded -1 https://dev.gnupg.org/T7547#198934

The fix for #1099141 introduced a new regression in the behavior of
GnuPG when evaluating certifications from expired OpenPGP certificates.

I've reported the problem upstream on T7547, where the attempts to
mitigate the side effects of fixing the verification DoS:

   https://dev.gnupg.org/T7547#198934

GnuPG should probably not migrate into testing until this part is also
resolved.

        --dkg

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 
'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.12-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gpg depends on:
ii  gpgconf          2.2.46-4
ii  libassuan9       3.0.2-2
ii  libbz2-1.0       1.0.8-6
ii  libc6            2.40-7
ii  libgcrypt20      1.11.0-7
ii  libgpg-error0    1.51-3
ii  libreadline8t64  8.2-6
ii  libsqlite3-0     3.46.1-1
ii  zlib1g           1:1.3.dfsg+really1.3.1-1+b1

Versions of packages gpg recommends:
ii  gnupg  2.2.46-4

gpg suggests no packages.

-- no debconf information
