Information on source package gnupg

Available versions

ReleaseVersion
wheezy1.4.12-7+deb7u7
wheezy (security)1.4.12-7+deb7u9
jessie (security)1.4.18-7+deb8u4

Open issues

BugwheezyjessieDescription
CVE-2015-1607vulnerable (no DSA)fixedmemcpy with overlapping ranges, resulting from incorrect bitwise left shifts

Open unimportant issues

BugwheezyjessieDescription
CVE-2018-6829vulnerablevulnerablecipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...

Resolved issues

BugDescription
TEMP-0107374-DF37E7gnupg: inproper flagging of signatures as being local
CVE-2017-7526Use of left-to-right sliding window method allows full RSA key recovery
CVE-2016-6313The mixing functions in the random number generator in Libgcrypt ...
CVE-2015-1606use after free resulting from failure to skip invalid packets
CVE-2015-0837data-dependent timing variations in modular exponentiation
CVE-2014-5270Libgcrypt before 1.5.4, as used in GnuPG and other products, does not ...
CVE-2014-4617The do_uncompress function in g10/compress.c in GnuPG 1.x before ...
CVE-2014-3591sidechannel attack on Elgamal
CVE-2013-4576GnuPG 1.x before 1.4.16 generates RSA keys using sequences of ...
CVE-2013-4402The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x ...
CVE-2013-4351GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all ...
CVE-2013-4242GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x ...
CVE-2012-6085The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 ...
CVE-2008-1530GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial ...
CVE-2007-1263GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the ...
CVE-2006-6235A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...
CVE-2006-6169Heap-based buffer overflow in the ask_outfile_name function in ...
CVE-2006-3746Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...
CVE-2006-3082parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...
CVE-2006-0455gpgv in GnuPG before 1.4.2.1, when using unattended signature ...
CVE-2006-0049gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...
CVE-2005-0366The integrity check feature in OpenPGP, when handling a message that ...
CVE-2003-0971GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...
CVE-2003-0255The key validation code in GnuPG before 1.2.2 does not properly ...

Security announcements

DSA / DLADescription
DSA-3960-1gnupg - security update
DLA-1080-1gnupg - security update
DLA-602-1gnupg - security update
DSA-3649-1gnupg - security update
DLA-175-1gnupg - security update
DSA-3184-1gnupg - security update
DLA-54-1gnupg - security-update
DSA-3024-1gnupg - security update
DLA-0012-1gnupg - security update
DSA-2967-1gnupg - security update
DSA-2821-1gnupg - side channel attack
DSA-2821-1gnupg - side channel attack
DSA-2773-1gnupg - several
DSA-2773-1gnupg - several
DSA-2730-1gnupg - information leak
DSA-2730-1gnupg - information leak
DSA-2601-1gnupg - missing input sanitation
DSA-1266-1gnupg - several vulnerabilities
DSA-1231-1gnupg
DSA-1140-1gnupg - integer overflow
DSA-1115gnupg2 - integer overflow
DSA-1107gnupg - integer overflow
DSA-993-2gnupg - remote
DSA-993-2gnupg - remote
DSA-978-1gnupg - invalid success return
DSA-978-1gnupg - invalid success return
DSA-429gnupg - cryptographic weakness

Search for package or bug name: Reporting problems