[security][trivy-image] HIGH CVE-2025-68973 in gpgv on app:c23046007f6b2ab91d6c0071f1999ecf5ab81c88 (ubuntu 22.04) #4

New Issue

2026-05-16T23:11:28-05:00

gitea-actions bot commented

2026-05-16 23:11:28 -05:00

Security scanner: trivy-image
Summary: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write
Repository: kelly/qbt-gluetun-portmgr
Branch/ref: sast-scannning
Commit: c23046007f6b2ab91d6c0071f1999ecf5ab81c88
Action run: https://git.ktr32.org/kelly/qbt-gluetun-portmgr/actions/runs/39

Details:

Type: Vulnerability
Severity: HIGH
Target: app:c23046007f6b2ab91d6c0071f1999ecf5ab81c88 (ubuntu 22.04)
Package: gpgv
Installed version: 2.2.27-3ubuntu2.1
Fixed version: 2.2.27-3ubuntu2.5
Vulnerability ID: CVE-2025-68973
Primary URL: https://avd.aquasec.com/nvd/cve-2025-68973

Security scanner: `trivy-image` Summary: GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write Repository: `kelly/qbt-gluetun-portmgr` Branch/ref: `sast-scannning` Commit: `c23046007f6b2ab91d6c0071f1999ecf5ab81c88` Action run: https://git.ktr32.org/kelly/qbt-gluetun-portmgr/actions/runs/39 Details: - Type: Vulnerability - Severity: HIGH - Target: app:c23046007f6b2ab91d6c0071f1999ecf5ab81c88 (ubuntu 22.04) - Package: gpgv - Installed version: 2.2.27-3ubuntu2.1 - Fixed version: 2.2.27-3ubuntu2.5 - Vulnerability ID: CVE-2025-68973 - Primary URL: https://avd.aquasec.com/nvd/cve-2025-68973

kelly referenced this issue from a commit

2026-05-16 23:23:25 -05:00

resolving issues #4 and #5 - security findings

kelly referenced a pull request that will close this issue

2026-05-16 23:34:59 -05:00

enabled enhanced sast scans with automatic issue creation on findings #6

kelly closed this issue

2026-05-16 23:35:41 -05:00

Sign in to join this conversation.