[scarthgap] gnupg: mark CVE-2025-30258 as patched

Message ID	20251014213423.587231-1-peter.marko@siemens.com
State	New
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.65.227, mailfrom: fm-256628-202510142134399d3d28d9fd00020704-yjcy6g@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [OE-core][scarthgap][PATCH] gnupg: mark CVE-2025-30258 as patched Date: Tue, 14 Oct 2025 23:34:23 +0200 Message-Id: <20251014213423.587231-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	[scarthgap] gnupg: mark CVE-2025-30258 as patched \| expand [scarthgap] gnupg: mark CVE-2025-30258 as patched

Message ID

20251014213423.587231-1-peter.marko@siemens.com

State

New

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [OE-core][scarthgap][PATCH] gnupg: mark CVE-2025-30258 as patched
Date: Tue, 14 Oct 2025 23:34:23 +0200
Message-Id: <20251014213423.587231-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

[scarthgap] gnupg: mark CVE-2025-30258 as patched | expand

Commit Message

Peter Marko Oct. 14, 2025, 9:34 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Per NVD report [1] this CVE is fixed by [2].
This commit was backported to 2.4.8 via [3].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-30258
[2] https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158
[3] https://gitlab.com/freepg/gnupg/-/commit/da0164efc7f32013bc24d97b9afa9f8d67c318bb

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-support/gnupg/gnupg_2.4.8.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/gnupg/gnupg_2.4.8.bb b/meta/recipes-support/gnupg/gnupg_2.4.8.bb
index 9c5de263c56..a6e777abf89 100644
--- a/meta/recipes-support/gnupg/gnupg_2.4.8.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.4.8.bb
@@ -82,3 +82,4 @@  BBCLASSEXTEND = "native nativesdk"
 lcl_maybe_fortify:mipsarch = ""
 
 CVE_STATUS[CVE-2022-3219] = "upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993"
+CVE_STATUS[CVE-2025-30258] = "cpe-stable-backport: fir for this CVE was backported to version 2.4.8"

[scarthgap] gnupg: mark CVE-2025-30258 as patched

Commit Message

Patch