Information on source package gnupg2

Available versions

| Release | Version |
|---|---|
| jessie | 2.0.26-6+deb8u3 |
| stretch | 2.1.18-8~deb9u5 |
| stretch (security) | 2.1.18-8~deb9u2 |
| buster | 2.2.12-1+deb10u2 |
| bullseye | 2.2.27-2+deb11u2 |
| bookworm | 2.2.40-1.1 |
| trixie | 2.2.45-2 |
| sid | 2.2.45-2 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14855 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | A flaw was found in the way certificate signatures could be forged usi ... |
| CVE-2018-1000858 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CS ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3219 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | GnuPG can be made to spin on a relatively small input by (for example) ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2022-34903 | GnuPG through 2.3.6, in unusual situations where an attacker possesses ... |
| CVE-2020-25125 | GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, le ... |
| CVE-2018-12020 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename duri ... |
| CVE-2018-9234 | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ce ... |
| CVE-2017-7526 | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel a ... |
| CVE-2016-6313 | The mixing functions in the random number generator in Libgcrypt befor ... |
| CVE-2015-1607 | kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2 ... |
| CVE-2015-1606 | The keyring DB in GnuPG before 2.1.2 does not properly handle invalid ... |
| CVE-2014-9087 | Integer underflow in the ksba_oid_to_str function in Libksba before 1. ... |
| CVE-2014-4617 | The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.1 ... |
| CVE-2013-4402 | The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x be ... |
| CVE-2013-4351 | GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bi ... |
| CVE-2012-6085 | The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 a ... |
| CVE-2010-2547 | Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2. ... |
| CVE-2008-1530 | GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial ... |
| CVE-2007-1263 | GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the comm ... |
| CVE-2006-6235 | A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ... |
| CVE-2006-6169 | Heap-based buffer overflow in the ask_outfile_name function in openfil ... |
| CVE-2006-3746 | Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote a ... |
| CVE-2006-3082 | parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ... |
| CVE-2006-0455 | gpgv in GnuPG before 1.4.2.1, when using unattended signature verifica ... |
| CVE-2006-0049 | gpg in GnuPG before 1.4.2.2 does not properly verify non-detached sign ... |
| CVE-2005-2023 | The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Li ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| ELA-636-1 | gnupg2 - security update |
| DSA-5174-1 | gnupg2 - security update |
| DSA-4222-1 | gnupg2 - security update |
| DLA-51-1 | gnupg2 - security update |
| DSA-2968-1 | gnupg2 - security update |
| DSA-2774-1 | gnupg2 - several |
| DSA-2601-1 | gnupg - missing input sanitation |
| DSA-2076-1 | gnupg2 - execution of arbitrary code |
| DSA-1141-1 | gnupg2 - integer overflow |
| DSA-1115 | gnupg2 - integer overflow |
