2025-11-27 13:17:25 +01:00
2 changed files with 19 additions and 1 deletions
--- a/patchinfo.20251126142654688873.93181000773252/_patchinfo
+++ b/patchinfo.20251126142654688873.93181000773252/_patchinfo
@@ -0,0 +1,18 @@
+<patchinfo>
+  <issue tracker="bnc" id="1253957">VUL-0: CVE-2025-13470,CVE-2025-13402: rnp: rnp PKESK session keys generated as all‑zero</issue>
+  <issue tracker="cve" id="2025-13470">cve#2025-13470 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-13470</issue>
+  <issue tracker="cve" id="2025-13402">cve#2025-13402 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-13402</issue>
+  <packager>AndreasStieger</packager>
+  <rating>moderate</rating>
+  <category>security</category>
+  <summary>Security update for rnp</summary>
+  <description>This update for rnp fixes the following issues:
+
+- update to 0.18.1:
+  * CVE-2025-13470: PKESK (public-key encrypted) session keys were
+    generated as all-zero, allowing trivial decryption of messages
+    encrypted with public keys only (boo#1253957, CVE-2025-13402)
+</description>
+  <package>rnp</package>
+  <seperate_build_arch/>
+</patchinfo>
--- a/2
+++ b/2