[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-4.fc44

An implementation of the Stateless OpenPGP Interface using Sequoia...

ROOT-APP-NPM-CVE-2025-47934 CVE-2025-47934 in @rootio/openpgp - Patched by Root

Root has patched CVE-2025-47934 in the @rootio/openpgp package for Root:npm. Multiple fixed versions available...

[SECURITY] Fedora 43 Update: rust-sequoia-openpgp-2.3.0-1.fc43

OpenPGP data types and associated machinery...

[SECURITY] Fedora 42 Update: rust-sequoia-sop-0.37.3-3.fc42

An implementation of the Stateless OpenPGP Interface using Sequoia...

[SECURITY] Fedora 42 Update: rust-sequoia-openpgp-2.3.0-1.fc42

OpenPGP data types and associated machinery...

Fedora 43 : rust-rpm-sequoia / rust-sequoia-chameleon-gnupg / rust-sequoia-git / etc (2026-38d57d2e7a)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-38d57d2e7a advisory. Update sequoia-openpgp to version 2.3.0. This includes three security relevant fixes assigned CVE-2026-42783, CVE-2026-42784, and CVE-not-...

Fedora 42 : rust-rpm-sequoia / rust-sequoia-chameleon-gnupg / rust-sequoia-git / etc (2026-8df732be8a)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-8df732be8a advisory. Update sequoia-openpgp to version 2.3.0. This includes three security relevant fixes assigned CVE-2026-42783, CVE-2026-42784, and CVE-not-...

CVE-2026-42784

openpgp: Dont imply missing key flags from key type...

UBUNTU-CVE-2026-42784

openpgp: Dont imply missing key flags from key type...

Linux Distros Unpatched Vulnerability : CVE-2026-42784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42784 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-42783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42783 Note that Nessus relies on the...

CVE-2026-42783

openpgp: Dont imply missing key flags from key type...

UBUNTU-CVE-2026-42783

openpgp: Dont imply missing key flags from key type...

Astra Linux - уязвимость в thunderbird

Certain crafted MIME email messages that claimed to contain encrypted OpenPGP messages actually contained an OpenPGP-signed message. These messages were incorrectly displayed as encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

Astra Linux - уязвимость в thunderbird

An attacker may carry out a DoS attack to prevent a user from sending encrypted emails to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self-signature, and the Thunderbird user imports the crafted key, then Thunderbird may attempt to use the inval...

Astra Linux - уязвимость в thunderbird

OpenPGP secret keys that were imported using Thunderbird versions 78.8.1 up to 78.10.1 were stored unencrypted on the user’s local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automaticall...

Astra Linux - уязвимость в thunderbird

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email, which was formatted and styled using HTML and CSS, the decrypted contents were displayed in a context where the CSS styles from the outer messages remained active. If...

Astra Linux - уязвимость в opensc

A heap-based buffer overflow vulnerability was discovered in the libopensc OpenPGP driver. A specially crafted USB device or smart card, containing malicious responses to APDUs during the card enrollment process using the pkcs15-init tool, may lead to unauthorized access, potentially resulting in...

Astra Linux - уязвимость в thunderbird

An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email’s date will be displayed. If the dates are different, then Thunderbird does not report the email as having an invalid signature. I...

Fedora 44 : rust-podman-sequoia / rust-rpm-sequoia / etc (2026-5619c60e85)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-5619c60e85 advisory. Update sequoia-openpgp to version 2.3.0. This includes three security relevant fixes assigned CVE-2026-42783, CVE-2026-42784, and CVE-not-...