| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|
| CVE-2026-42784 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | openpgp: Don't imply missing key flags from key type |
| CVE-2026-42783 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | openpgp: Reject nested embedded signatures |
| CVE-2025-67897 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | fixed | fixed | fixed | In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext ... |
| CVE-2023-53160 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds ... |