Information on source package gnupg2

Available versions

ReleaseVersion
jessie (security)2.0.26-6+deb8u2
stretch2.1.18-8~deb9u1
stretch (security)2.1.18-8~deb9u2
buster2.2.8-3
sid2.2.8-3

Open issues

BugjessiestretchbustersidDescription
CVE-2018-9234vulnerable (no DSA)vulnerable (no DSA)fixedfixedGnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ...

Resolved issues

BugDescription
CVE-2018-12020mainproc.c in GnuPG before 2.2.8 mishandles the original filename ...
CVE-2017-7526Use of left-to-right sliding window method allows full RSA key recovery
CVE-2016-6313The mixing functions in the random number generator in Libgcrypt ...
CVE-2015-1607memcpy with overlapping ranges, resulting from incorrect bitwise left shifts
CVE-2015-1606use after free resulting from failure to skip invalid packets
CVE-2014-9087Integer underflow in the ksba_oid_to_str function in Libksba before ...
CVE-2014-4617The do_uncompress function in g10/compress.c in GnuPG 1.x before ...
CVE-2013-4402The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x ...
CVE-2013-4351GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all ...
CVE-2012-6085The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 ...
CVE-2010-2547Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG ...
CVE-2008-1530GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial ...
CVE-2007-1263GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the ...
CVE-2006-6235A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...
CVE-2006-6169Heap-based buffer overflow in the ask_outfile_name function in ...
CVE-2006-3746Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...
CVE-2006-3082parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...
CVE-2006-0455gpgv in GnuPG before 1.4.2.1, when using unattended signature ...
CVE-2006-0049gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...
CVE-2005-2023The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...

Security announcements

DSA / DLADescription
DSA-4222-1gnupg2 - security update
DSA-4222-1gnupg2 - security update
DLA-51-1gnupg2 - security update
DSA-2968-1gnupg2 - security update
DSA-2774-1gnupg2 - several
DSA-2774-1gnupg2 - several
DSA-2601-1gnupg - missing input sanitation
DSA-2076-1gnupg2 - execution of arbitrary code
DSA-1141-1gnupg2 - integer overflow
DSA-1115gnupg2 - integer overflow

Search for package or bug name: Reporting problems