CVE-2019-6690

NameCVE-2019-6690
Descriptionimproper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt()
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1675-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-gnupg (PTS)jessie0.3.6-1vulnerable
jessie (security)0.3.6-1+deb8u1fixed
stretch0.3.9-1vulnerable
buster, sid0.4.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-gnupgsource(unstable)0.4.4-1
python-gnupgsourcejessie0.3.6-1+deb8u1DLA-1675-1

Notes

https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112

Search for package or bug name: Reporting problems