gnupg
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | Complete and free implementation of the OpenPGP standard |
Version |
2.2.19-1 [testing] 2.2.18-2 [core] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-943 | 2.2.5-1 | 2.2.5-2 | Low | Fixed | |
AVG-713 | 2.2.7-1 | 2.2.8-1 | High | Fixed | FS#58931 |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2018-12020 | AVG-713 | High | Yes | Content spoofing | A security issue has been found in gnupg before 2.2.8, leading to the possibility of faking verification status of signed content. The OpenPGP protocol... |
CVE-2018-9234 | AVG-943 | Low | No | Insufficient validation | When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present. |
Advisories
Date | Advisory | Group | Severity | Description |
---|---|---|---|---|
11 Jun 2018 | ASA-201806-8 | AVG-713 | High | content spoofing |