[security][trivy-image] HIGH CVE-2025-68973 in gpgv on app:9bd06a85ab6301fe9f0c7652cb6a85914a48d9e1 (ubuntu 24.04) #4

New Issue

2026-05-13T10:43:35-05:00

gitea-actions bot commented

2026-05-13 10:43:35 -05:00

Security scanner: trivy-image
Summary: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write
Repository: kelly/donetick-notifier
Branch/ref: fresh-copy
Commit: 9bd06a85ab6301fe9f0c7652cb6a85914a48d9e1
Action run: https://git.ktr32.org/kelly/donetick-notifier/actions/runs/27

Details:

Type: Vulnerability
Severity: HIGH
Target: app:9bd06a85ab6301fe9f0c7652cb6a85914a48d9e1 (ubuntu 24.04)
Package: gpgv
Installed version: 2.4.4-2ubuntu17
Fixed version: 2.4.4-2ubuntu17.4
Vulnerability ID: CVE-2025-68973
Primary URL: https://avd.aquasec.com/nvd/cve-2025-68973

Security scanner: `trivy-image` Summary: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write Repository: `kelly/donetick-notifier` Branch/ref: `fresh-copy` Commit: `9bd06a85ab6301fe9f0c7652cb6a85914a48d9e1` Action run: https://git.ktr32.org/kelly/donetick-notifier/actions/runs/27 Details: - Type: Vulnerability - Severity: HIGH - Target: app:9bd06a85ab6301fe9f0c7652cb6a85914a48d9e1 (ubuntu 24.04) - Package: gpgv - Installed version: 2.4.4-2ubuntu17 - Fixed version: 2.4.4-2ubuntu17.4 - Vulnerability ID: CVE-2025-68973 - Primary URL: https://avd.aquasec.com/nvd/cve-2025-68973

kelly referenced this issue

2026-05-13 11:15:14 -05:00

adding security tool stack, pre-commit steps, and gitignore additions #6

kelly closed this issue

2026-05-13 11:17:27 -05:00

kelly added the vulnerability label 2026-05-26 21:27:10 -05:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kelly/donetick-notifier#4