gnupg
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Complete and free implementation of the OpenPGP standard |
| Version | 2.2.20-1 [core] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-943 | 2.2.5-1 | 2.2.5-2 | Low | Fixed | |
| AVG-713 | 2.2.7-1 | 2.2.8-1 | High | Fixed | FS#58931 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-12020 | AVG-713 | High | Yes | Content spoofing | A security issue has been found in gnupg before 2.2.8, leading to the possibility of faking verification status of signed content. The OpenPGP protocol... |
| CVE-2018-9234 | AVG-943 | Low | No | Insufficient validation | When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present. |
Advisories
| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 11 Jun 2018 | ASA-201806-8 | AVG-713 | High | content spoofing |