gnupg

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Complete and free implementation of the OpenPGP standard
Version	2.2.17-2 [testing] 2.2.16-1 [core]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-943	2.2.5-1	2.2.5-2	Low	Fixed
AVG-713	2.2.7-1	2.2.8-1	High	Fixed	FS#58931

Issue	Group	Severity	Remote	Type	Description
CVE-2018-12020	AVG-713	High	Yes	Content spoofing	A security issue has been found in gnupg before 2.2.8, leading to the possibility of faking verification status of signed content. The OpenPGP protocol...
CVE-2018-9234	AVG-943	Low	No	Insufficient validation	When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present.

Issue

Group

Severity

Remote

Type

Description

CVE-2018-12020

AVG-713

High

Yes

Content spoofing

A security issue has been found in gnupg before 2.2.8, leading to the possibility of faking verification status of signed content. The OpenPGP protocol...

CVE-2018-9234

AVG-943

Low

Insufficient validation

When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present.

Advisories

Date	Advisory	Group	Severity	Description
11 Jun 2018	ASA-201806-8	AVG-713	High	content spoofing