Information on source package gnupg

Available versions

ReleaseVersion
jessie1.4.18-7+deb8u5

Open issues

BugjessieDescription
CVE-2019-14855vulnerable (no DSA, ignored)A flaw was found in the way certificate signatures could be forged usi ...

Open unimportant issues

BugjessieDescription
CVE-2022-34903vulnerableGnuPG through 2.3.6, in unusual situations where an attacker possesses ...
CVE-2022-3219vulnerableGnuPG can be made to spin on a relatively small input by (for example) ...
CVE-2018-6829vulnerablecipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ...

Resolved issues

BugDescription
TEMP-0107374-DF37E7gnupg: inproper flagging of signatures as being local
CVE-2018-1000858GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CS ...
CVE-2018-12020mainproc.c in GnuPG before 2.2.8 mishandles the original filename duri ...
CVE-2017-7526libgcrypt before version 1.7.8 is vulnerable to a cache side-channel a ...
CVE-2016-6313The mixing functions in the random number generator in Libgcrypt befor ...
CVE-2015-1607kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2 ...
CVE-2015-1606The keyring DB in GnuPG before 2.1.2 does not properly handle invalid ...
CVE-2015-0837The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.1 ...
CVE-2014-5270Libgcrypt before 1.5.4, as used in GnuPG and other products, does not ...
CVE-2014-4617The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.1 ...
CVE-2014-3591Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciph ...
CVE-2013-4576GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introduc ...
CVE-2013-4402The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x be ...
CVE-2013-4351GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bi ...
CVE-2013-4242GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x ...
CVE-2012-6085The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 a ...
CVE-2008-1530GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial ...
CVE-2007-1263GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the comm ...
CVE-2006-6235A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...
CVE-2006-6169Heap-based buffer overflow in the ask_outfile_name function in openfil ...
CVE-2006-3746Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote a ...
CVE-2006-3082parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...
CVE-2006-0455gpgv in GnuPG before 1.4.2.1, when using unattended signature verifica ...
CVE-2006-0049gpg in GnuPG before 1.4.2.2 does not properly verify non-detached sign ...
CVE-2005-0366The integrity check feature in OpenPGP, when handling a message that w ...
CVE-2003-0971GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal typ ...
CVE-2003-0255The key validation code in GnuPG before 1.2.2 does not properly determ ...

Security announcements

DSA / DLADescription
ELA-5-1gnupg - security update
DSA-4224-1gnupg - security update
DSA-3960-1gnupg - security update
DLA-1080-1gnupg - security update
DLA-602-1gnupg - security update
DSA-3649-1gnupg - security update
DLA-175-1gnupg - security update
DSA-3184-1gnupg - security update
DLA-54-1gnupg - security-update
DSA-3024-1gnupg - security update
DLA-0012-1gnupg - security update
DSA-2967-1gnupg - security update
DSA-2821-1gnupg - side channel attack
DSA-2773-1gnupg - several
DSA-2730-1gnupg - information leak
DSA-2601-1gnupg - missing input sanitation
DSA-1266-1gnupg - several vulnerabilities
DSA-1231-1gnupg
DSA-1140-1gnupg - integer overflow
DSA-1115gnupg2 - integer overflow
DSA-1107gnupg - integer overflow
DSA-993-2gnupg - remote
DSA-978-1gnupg - invalid success return
DSA-429gnupg - cryptographic weakness

Search for package or bug name: Reporting problems