gnupg
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Complete and free implementation of the OpenPGP standard |
| Version | 2.2.23-1 [core] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1218 | 2.2.21-2 | 2.2.23-1 | Critical | Fixed | |
| AVG-943 | 2.2.5-1 | 2.2.5-2 | Low | Fixed | |
| AVG-713 | 2.2.7-1 | 2.2.8-1 | High | Fixed | FS#58931 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-25125 | AVG-1218 | Critical | Yes | Arbitrary code execution | Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour.... |
| CVE-2018-12020 | AVG-713 | High | Yes | Content spoofing | A security issue has been found in gnupg before 2.2.8, leading to the possibility of faking verification status of signed content. The OpenPGP protocol... |
| CVE-2018-9234 | AVG-943 | Low | No | Insufficient validation | When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present. |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 07 Sep 2020 | ASA-202009-5 | AVG-1218 | Critical | arbitrary code execution |
| 11 Jun 2018 | ASA-201806-8 | AVG-713 | High | content spoofing |