gnupg

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Complete and free implementation of the OpenPGP standard
Version 2.2.17-2 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-943 2.2.5-1 2.2.5-2 Low Fixed
AVG-713 2.2.7-1 2.2.8-1 High Fixed FS#58931
Issue Group Severity Remote Type Description
CVE-2018-12020 AVG-713 High Yes Content spoofing
A security issue has been found in gnupg before 2.2.8, leading to the possibility of faking verification status of signed content. The OpenPGP protocol...
CVE-2018-9234 AVG-943 Low No Insufficient validation
When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present.

Advisories

Date Advisory Group Severity Description
11 Jun 2018 ASA-201806-8 AVG-713 High content spoofing