Conversation
49016@mastodon.catgirl.cloud

⬡-49016 neobot_box_cat_ears

Item 5: Memory Corruption in ASCII-Armor Parsing

This is a serious memory-safety error in GPG.

Yes, and actually the only serious bug from their list. This one (T7906) was fixed in the repo on November 4 (T7906) and released with 2.5.14 on 2025-11-19:

  • gpg: Fix possible memory corruption in the armor parser. [T7906]

and in the ExtendedLTS version 2.2.51 already on: 2025-10-28:

  • gpg: Fix possible memory corruption in the armor parser.
    [rG1e929abd20]

Another release of 2.4 is still pending but given that its end-of-life is in 6 months, it would anyway better to switch to 2.5.

~ Werner Koch, gpg maintainer

2.4 is the version most distributions ship. 2.4 is NOT END OF LIFE YET. 2.4 is the version that is offered as "GnuPG" when downloading it from gnupg.org.

not fixing an exploitable memory corruption that can lead to remote code execution in a cryptography tool that often processes content transmitted over http is everything you need to know about werner koch.

stop using gpg. https://gpg.fail

2
3
0
5225225@furry.engineer

5225225

Reply to @49016@mastodon.catgirl.cloud

@49016 only backporting a probable security vulnerability to the versions that paying customers (assuming that's what"Extended Long Term Support contract available." means) is really funny

1
0
0
charlotte

Charlotte/Cinny neoraccoon_flag_plural therian

Reply to @5225225@furry.engineer

@5225225 @49016 gnu “pay us to have a security bug fixed caused by us writing the software in a memory-unsafe language” privacy “or deal with an unstable development version” guard

0
3
10
natty@astolfo.social

pancake butterfly_neofox_lesbian

Reply to @49016@mastodon.catgirl.cloud

@49016@catgirl.cloud Are sequoia maintainers more responsible?

0
0
0
About Raccoon Noises

Rules

  • Hate against minority groups is forbidden. This includes racism, sexism, ableism, xenophobia, homophobia, transphobia, antisemitism, islamophobia, queer exclusionism, etc.
  • Content that is illegal under German Law is not permitted. This especially includes the promotion and dissemination of any Nazi symbolism and ideology, except for education, reporting on past or current events, and antifascist art.
  • Please add content description to all media that you post. This instance automatically adds a CW if it is missing. If you are unable to create one, you can request one via the #DescriptionWanted hashtag
  • Be considerate. Add content warnings for NSFW Content, common phobias, overly long posts, controversial subjects, etc. Please try to avoid flashing images and quickly moving text inside of your posts.
  • NSFW content is generally allowed, but all NSFW content must be properly marked as such, including kinks. Profile images, names, bios, etc must be fully SFW, or they are subject to removal
  • Bots are allowed, however they must be marked as such and must make unlisted posts, may only @ or interact with posts of other users iff they have prompted the bot, or have given explicit permission to do so. Additionally, bots may not post more than 10 posts in a 60 minute interval without interaction.
We highly encourage reporting posts violating our rules, even if they are not on our instance. Your reports will not be ignored. For transparency we publish local moderation decisions for users on this server, and federation moderation decisions on the #FediBlock hashtag.
We do the following moderation automatically:
  • Unlisting of bot posts
  • Modification or removal of posts that cause issues with certain clients

Privacy Policy

What data do we collect?

We collect the following data:
  • Email Addresses from local users
  • Posts and Media uploaded by local users
  • User Profiles and Posts by certain remote users

How do we collect your data?

If you are a user of this instance, we collect and process your data when you sign up for or use interactive features (e.g. Posting) of the Website.
If you are not a local user, we collect your data over the following ways:
  • One of our users has requested to follow your account, and you have accepted the request.
  • One of your posts has been interacted with by a remote account, that a local account has followed. This includes Replies, Repeats, Quotes, Likes, Emoji Reactions, and @-Mentions.
  • You have requested that your post is shown to one of our users (i.e. through @-Mentions or DMs)
  • User Interaction: One of our users has explicitely looked up your profile or one of your posts on this instance, for example to interact with it.
  • You have posted a public post on an instance that participates in the awoo.today relay.

How will we use your data?

We collect your data so that we can:
  • Store and display your posts to our local users
  • Display public posts to anonymous users
  • Deliver your public, unlisted, and private posts to your followers
  • Deliver direct messages to the recipient
  • Allow our users to follow you
  • Allow our users to interact with your posts
As members of the awoo.today relay, we will send posts that you have marked as “public” to all of the other instances participating in the relay.

How do we store your data?

We store your post, profile and account data securely in the Hetzner Datacenter in Falkenstein, Germany. See their DIN ISO/IEC 27001 certification Media is stored on Vultr
We employ technical security measures to avoid exposure to sensitive data.
We also store backups of post, profile, and account data in multiple locations, in an encrypted form, on our server near Chemnitz, Germany, as well as on Vultr.
For technical reasons it is not possible modify these backups to remove your data. If this is a concern, please contact us.

What are your data protection rights?

We want to make sure that you are aware of your data protection rights. Every user is entitled to the following:
The right to access — You can request a copy of the data we have about you. This may require a short verification for remote users. Local users can do so in the settings under Export/Import
The right to rectification — You can request us to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is inaccurate.
The right to erasure — You can request us to erase the data we have about you.
The right to restrict to processing — You can restrict us from transmitting your posts to other servers by setting your post visiblity to “Local”. Remote users can also restrict processing of certain posts, by setting its visiblity to “Unlisted” or “Private”.
The right to object to processing — As a remote user, you can object to further processing of posts and profile data by blocking this domain.
The right to data portability — You can at any point move to other instances. Due to technical restrictions, it is currently not possible to automatically transfer the users you follow and posts to your new account.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, or need help with the included tools, please contact us at our email privacy@chir.rs

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology
For further information, visit allaboutcookies.org.

How do we use cookies?

We use cookies for keeping you logged in. Additionally we store certain configuration in cookies, however these cookies are never transmitted to anyone.

How to manage cookies

You can tell your browser to not accept cookies, or tell it to remove cookies this website has stored on your device. Please consult your browser’s documentation on instructions on how to do that.

Privacy policies of other websites

This site contains many links to other websites. This privacy policy only applies to this website. Please consult the privacy policy of these remote sites before entering any personal information.

Changes to our privacy policy

We may make occasional adjustments to this privacy policy. This policy was last updated on 2022-12-30.

How to contact us

If you have any questions about this policy, the data we hold about you, or want to exercise one of your data protection rights, please contact us at: privacy@chir.rs

How to contact the appropriate authority

Should you wish to report a complaint, or if you feel that we haven’t addressed your concern in a satisfactory manner, you may contact the Sächsische Datenschutzbehörde.
We also offer the Mastodon Web UI. Keep in mind that some features are missing, like emoji reactions, quoting, and JPEG XL.

Art Credit