Description

Noteworthy changes in version 2.4.9 (2025-12-30)

gpg: Fix possible memory corruption in the armor parser. [T7906]
gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures. [rGddb012be7f, T7904]
gpg: Error out on unverified output for non-detached signatures. [rG9d302f978b]
gpg: Do not allow compressed key packets on import. [T7014]
scd: Fix a harmless read buffer over-read in a function used by PKCS#15 cards. [T7662]
dirmngr: Do not require a keyserver for "gpg --fetch-key". [T7693]
agent: Fix ssh-agent's request_identities for skipped Brainpool keys. [rG6bf5696c85]

(prev: T7428 next: end-of-life)

Related Objects

Mentioned In: T7428: Release GnuPG 2.4.8
Mentioned Here: T7904: GnuPG may downgrade digest algorithm to SHA1
rG6bf5696c8578: agent: Fix ssh-agent's request_identities for skipped keys.
rGddb012be7fe2: gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures.
rG9d302f978bd7: gpg: Error out on unverified output for non-detached signatures.
T7014: agent: Enhancement of PKDECRYPT for KEM interface
T7428: Release GnuPG 2.4.8
T7662: GPG's uncompress_ecc_q_in_canon_sexp reads past a constant string into rodata
T7693: `gpg --fetch-keys` fails because of missing keyserver
T7906: Memory Corruption in ASCII-Armor Parsing

• werner triaged this task as Normal priority.Tue, Dec 30, 1:48 PM

• werner created this task.

• werner created this object with edit policy "Administrators".

• werner updated the task description. (Show Details)