CVE-2019-6690

NameCVE-2019-6690
Descriptionpython-gnupg 0.4.3 allows context-dependent attackers to trick gnupg t ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1675-1, DLA-2862-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-gnupg (PTS)bullseye0.4.6-1fixed
bookworm0.4.9-1fixed
forky, sid, trixie0.5.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-gnupgsourcejessie0.3.6-1+deb8u1DLA-1675-1
python-gnupgsourcestretch0.3.9-1+deb9u1DLA-2862-1
python-gnupgsource(unstable)0.4.4-1

Notes

https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
Search for package or bug name: Reporting problems