{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "dirmngr", "gnupg", "gnupg-l10n", "gnupg-utils", "gpg", "gpg-agent", "gpg-wks-client", "gpg-wks-server", "gpgconf", "gpgsm", "gpgv" ] } }, "diff": { "deb": [ { "name": "dirmngr", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gnupg", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gnupg-l10n", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gnupg-utils", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg-agent", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg-wks-client", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpg-wks-server", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpgconf", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpgsm", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gpgv", "from_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.4", "version": "2.2.27-3ubuntu2.4" }, "to_version": { "source_package_name": "gnupg2", "source_package_version": "2.2.27-3ubuntu2.5", "version": "2.2.27-3ubuntu2.5" }, "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-68973", "url": "https://ubuntu.com/security/CVE-2025-68973", "cve_description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cve_priority": "high", "cve_public_date": "2025-12-28 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Remote Code Execution", " - debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory", " corruption in the armor parser.", " - CVE-2025-68973", "" ], "package": "gnupg2", "version": "2.2.27-3ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Allen Huang ", "date": "Mon, 05 Jan 2026 22:14:39 +0000" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20260107 to 20260108", "from_series": "jammy", "to_series": "jammy", "from_serial": "20260107", "to_serial": "20260108", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }