Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], Salvatore Bonaccorso 
<[email protected]>, Andreas Metzler <[email protected]>
Control: affects -1 + src:gnupg2
User: [email protected]
Usertags: pu

Hello,

I would like to fox the non-DSA CVE-2026-57062 for trixie:
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through
2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is
supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related
to CVE-2026-34182.

This was fixed for sid/forky in 2.4.9-5. The respective patch applies
unchanged to the trixie version.

Since gnupg2 builds a udeb I suspect I might be too late for the next
point release.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

cu Andreas
-- 
"You people are noisy," Nia said.
I made the gesture of agreement.
diff --git a/debian/changelog b/debian/changelog
index 786180728..6617da515 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,14 @@
+gnupg2 (2.4.7-21+deb13u2) trixie; urgency=medium
+
+  * Fix CVE-2026-57062.
+    CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through
+    2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is
+    supposed to be 12 bytes but 4 bytes is accepted.
+
+ -- Andreas Metzler <[email protected]>  Sun, 05 Jul 2026 13:16:48 +0200
+
 gnupg2 (2.4.7-21+deb13u1) trixie; urgency=high
 
   * Avoid potential downgrade to SHA1 in 3rd party key signatures.
     https://gpg.fail/sha1 #12
     Patch from STABLE-BRANCH-2-4
diff --git a/debian/patches/from-master/0004-gpgsm-Require-a-minimum-tag-length-for-GCM-decryptio.patch b/debian/patches/from-master/0004-gpgsm-Require-a-minimum-tag-length-for-GCM-decryptio.patch
new file mode 100644
index 000000000..be629b0ee
--- /dev/null
+++ b/debian/patches/from-master/0004-gpgsm-Require-a-minimum-tag-length-for-GCM-decryptio.patch
@@ -0,0 +1,45 @@
+From 4c7e68cf3d335328821bdbb70db309a60d0e4fd4 Mon Sep 17 00:00:00 2001
+From: Werner Koch <[email protected]>
+Date: Thu, 18 Jun 2026 10:51:34 +0200
+Subject: [PATCH] gpgsm: Require a minimum tag length for GCM decryption.
+
+* sm/decrypt.c (gpgsm_decrypt): Require a minimum authtaglen.
+--
+
+Reported-by: Thai Duong <[email protected]>
+CVE-id: CVE-2026-57062
+---
+ sm/decrypt.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/sm/decrypt.c b/sm/decrypt.c
+index 20fb96060..92a33c6e6 100644
+--- a/sm/decrypt.c
++++ b/sm/decrypt.c
+@@ -1443,15 +1443,22 @@ gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp)
+               if (rc)
+                 {
+                   log_error ("error getting authtag: %s\n", gpg_strerror (rc));
+                   goto leave;
+                 }
+               if (DBG_CRYPTO)
+                 log_printhex (authtag, authtaglen, "Authtag ...:");
+-              rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen);
++              if (authtaglen < 12)
++                {
++                  log_info ("authentication tag is too short (%zu octets)\n",
++                            authtaglen);
++                  rc = gpg_error (GPG_ERR_CHECKSUM);
++                }
++              else
++                rc = gcry_cipher_checktag (dfparm.hd, authtag, authtaglen);
+               xfree (authtag);
+               if (rc)
+                 log_error ("data is not authentic: %s\n", gpg_strerror (rc));
+               goto leave;
+             }
+         }
+     }
+-- 
+2.53.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 3b42e1375..501b4657b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -34,10 +34,11 @@ from-master/gpg-agent-idling/0005-agent-Better-interaction-between-main-loop-and
 from-master/gpg-agent-idling/0006-agent-Introduce-management-of-timer-to-expire-cache-.patch
 from-master/gpg-agent-idling/0007-agent-Fix-the-previous-commit.patch
 from-master/gpg-agent-idling/0008-agent-Fix-timer-list-management.patch
 from-master/gpg-agent-idling/0009-agent-Fix-sock_inotify_fd-handling.patch
 from-master/gpg-agent-idling/0010-agent-Fix-timer-round-up-check-when-inserting-an-ent.patch
+from-master/0004-gpgsm-Require-a-minimum-tag-length-for-GCM-decryptio.patch
 Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
 debian-packaging/Build-regexp-against-debian-s-unicode-data-package.patch
 debian-packaging/Always-build-common-status-codes.h-and-common-audit-event.patch
 do-not-install-gnutls.7.html.to.mandir.diff
 gpg-agent.socket-Set-GPG_AGENT_INFO-in-systemd-for-g.patch

Attachment: signature.asc
Description: PGP signature

Reply via email to