CLSA-2026-1776159098

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1776159098

Upstream

CVE-2025-30258

Published

2026-04-14T09:31:43Z

Modified

2026-06-04T09:45:18.467178134Z

Summary

Fix CVE(s): CVE-2025-30258

Details

SECURITY UPDATE: signature verification DoS via malicious subkey
- debian/patches/CVE-2025-30258.patch: require signing usage when looking up public key for signature verification, filtering out subkeys without valid backsig. Include upstream regression fixes to preserve verification of signatures from expired/revoked keys. Widen pubkeyusage and requsage fields from byte to u16 to prevent PUBKEYUSAGEVERIFY (16384) from being truncated on GnuPG 2.2.x. Add primary-key-only lookup during import to prevent malicious subkey attack at import time. Fix double-free in checksignatureoverkeyor_uid when signer is caller-owned.
- CVE-2025-30258

References

https://errata.tuxcare.com/els_os/debian10els/CLSA-2026-1776159098.html

Affected packages

TuxCare:Debian:10

dirmngr

Package

Name: dirmngr
Purl: pkg:deb/tuxcare/dirmngr?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gnupg

Package

Name: gnupg
Purl: pkg:deb/tuxcare/gnupg?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gnupg-agent

Package

Name: gnupg-agent
Purl: pkg:deb/tuxcare/gnupg-agent?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gnupg-l10n

Package

Name: gnupg-l10n
Purl: pkg:deb/tuxcare/gnupg-l10n?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gnupg-utils

Package

Name: gnupg-utils
Purl: pkg:deb/tuxcare/gnupg-utils?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gnupg2

Package

Name: gnupg2
Purl: pkg:deb/tuxcare/gnupg2?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpg

Package

Name: gpg
Purl: pkg:deb/tuxcare/gpg?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpg-agent

Package

Name: gpg-agent
Purl: pkg:deb/tuxcare/gpg-agent?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpg-wks-client

Package

Name: gpg-wks-client
Purl: pkg:deb/tuxcare/gpg-wks-client?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpg-wks-server

Package

Name: gpg-wks-server
Purl: pkg:deb/tuxcare/gpg-wks-server?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpgconf

Package

Name: gpgconf
Purl: pkg:deb/tuxcare/gpgconf?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpgsm

Package

Name: gpgsm
Purl: pkg:deb/tuxcare/gpgsm?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpgv

Package

Name: gpgv
Purl: pkg:deb/tuxcare/gpgv?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpgv-static

Package

Name: gpgv-static
Purl: pkg:deb/tuxcare/gpgv-static?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpgv-win32

Package

Name: gpgv-win32
Purl: pkg:deb/tuxcare/gpgv-win32?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

gpgv2

Package

Name: gpgv2
Purl: pkg:deb/tuxcare/gpgv2?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"

scdaemon

Package

Name: scdaemon
Purl: pkg:deb/tuxcare/scdaemon?distro=debian-10

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.12-1+deb10u2+tuxcare.els2

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1776159098.json"