[security][trivy-image] HIGH CVE-2025-68973 in gpgv on app:4d711859ace27e2930cf85f4e4a13ffa2f737697 (ubuntu 22.04) #2

New Issue

2026-05-13T08:01:28-05:00

gitea-actions bot commented

2026-05-13 08:01:28 -05:00

Security scanner: trivy-image
Summary: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write
Repository: kelly/donetick-notifier
Branch/ref: fresh-copy
Commit: 4d711859ace27e2930cf85f4e4a13ffa2f737697
Action run: https://git.ktr32.org/kelly/donetick-notifier/actions/runs/26

Details:

Type: Vulnerability
Severity: HIGH
Target: app:4d711859ace27e2930cf85f4e4a13ffa2f737697 (ubuntu 22.04)
Package: gpgv
Installed version: 2.2.27-3ubuntu2.1
Fixed version: 2.2.27-3ubuntu2.5
Vulnerability ID: CVE-2025-68973
Primary URL: https://avd.aquasec.com/nvd/cve-2025-68973

Security scanner: `trivy-image` Summary: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write Repository: `kelly/donetick-notifier` Branch/ref: `fresh-copy` Commit: `4d711859ace27e2930cf85f4e4a13ffa2f737697` Action run: https://git.ktr32.org/kelly/donetick-notifier/actions/runs/26 Details: - Type: Vulnerability - Severity: HIGH - Target: app:4d711859ace27e2930cf85f4e4a13ffa2f737697 (ubuntu 22.04) - Package: gpgv - Installed version: 2.2.27-3ubuntu2.1 - Fixed version: 2.2.27-3ubuntu2.5 - Vulnerability ID: CVE-2025-68973 - Primary URL: https://avd.aquasec.com/nvd/cve-2025-68973

kelly referenced this issue

2026-05-13 11:15:14 -05:00

adding security tool stack, pre-commit steps, and gitignore additions #6

kelly closed this issue

2026-05-13 11:17:26 -05:00

kelly added the vulnerability label 2026-05-26 21:27:09 -05:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kelly/donetick-notifier#2