Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Complete and free implementation of the OpenPGP standard
Version 2.4.4-1 [core]


Group Affected Fixed Severity Status Ticket
AVG-2776 2.2.35-2 2.2.36-1 Unknown Fixed
AVG-1218 2.2.21-2 2.2.23-1 Critical Fixed
AVG-943 2.2.5-1 2.2.5-2 Low Fixed
AVG-713 2.2.7-1 2.2.8-1 High Fixed FS#58931
Issue Group Severity Remote Type Description
CVE-2022-34903 AVG-2776 Unknown Unknown Unknown Unknown
CVE-2020-25125 AVG-1218 Critical Yes Arbitrary code execution
Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour....
CVE-2018-12020 AVG-713 High Yes Content spoofing
A security issue has been found in gnupg before 2.2.8, leading to the possibility of faking verification status of signed content. The OpenPGP protocol...
CVE-2018-9234 AVG-943 Low No Insufficient validation
When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present.


Date Advisory Group Severity Type
07 Sep 2020 ASA-202009-5 AVG-1218 Critical arbitrary code execution
11 Jun 2018 ASA-201806-8 AVG-713 High content spoofing