ELA-5-1 gnupg security update

insufficient input sanitisation

2018-06-23
Package: gnupg
Version: 1.4.12-7+deb7u10
Related CVE: CVE-2018-12020

Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.

Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

For Debian 7 Wheezy, this problem has been fixed in version 1.4.12-7+deb7u10.

We recommend that you upgrade your gnupg packages.
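
For programs that call gpg and parse its status messages, the following added example (not part of this advisory or of GnuPG) audits a gpg command line for the two conditions the upstream advisory ties this issue to: status messages written to the same descriptor as diagnostic output, and verbose output left enabled. The function name, the finding codes and the sample command lines are assumptions made for illustration.

```python
import shlex

def audit_gpg_invocation(command):
    """Return finding codes for one gpg command line (str or argv list)."""
    argv = shlex.split(command) if isinstance(command, str) else list(command)
    fds = {"--status-fd": None, "--logger-fd": None}
    verbose = None  # None: not set on the command line, so gpg.conf decides
    i = 1           # argv[0] is the gpg binary itself
    while i < len(argv) and argv[i] != "--":
        name, has_value, value = argv[i].partition("=")
        if name in fds:
            if not has_value:  # value is passed as the next argument
                i += 1
                value = argv[i] if i < len(argv) else ""
            fds[name] = value
        elif name == "--verbose" or (name[:2] != "--" and name[:1] == "-"
                                     and set(name[1:]) == {"v"}):
            verbose = True     # --verbose, -v, -vv
        elif name == "--no-verbose":
            verbose = False    # a later -v would switch it back on
        i += 1

    findings = []
    # Diagnostics go to stderr (fd 2) unless --logger-fd redirects them.
    log_fd = fds["--logger-fd"] or "2"
    if fds["--status-fd"] is not None and fds["--status-fd"] == log_fd:
        findings.append("status-shares-log-channel")
    if verbose is True:
        findings.append("verbose-enabled")
    elif verbose is None:
        findings.append("verbose-not-disabled")
    return findings

# Constructed command lines, not taken from any real system.
SAMPLES = [
    "gpg --status-fd 2 --verify msg.sig msg",
    "gpg -v --status-fd=2 --logger-fd 4 --verify msg.sig msg",
    "gpg --no-verbose --status-fd 3 --verify msg.sig msg",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", audit_gpg_invocation(cmd) or "ok")
```

The check only sees the gpg arguments; a caller that merges the status pipe with stderr itself (for example with `2>&1`) still has to be reviewed by hand.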

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/