VulnerableCode Package Details - pkg:deb/debian/rnp@0.18.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-eu3v-wzxr-pbd3	Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. The issue was discovered using Google's oss-fuzz.	CVE-2023-29479
VCID-t2ak-y8du-pfft	librnp uses weak random number generation such that generated keys can be easily cracked.	CVE-2025-13470
VCID-w7s3-7ab3-xyeb	Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.	CVE-2023-29480
VCID-x486-a1u1-jqau	Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.	CVE-2021-33589

Vulnerability

Summary

Aliases

VCID-eu3v-wzxr-pbd3

Certain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. The issue was discovered using Google's oss-fuzz.

CVE-2023-29479

VCID-t2ak-y8du-pfft

librnp uses weak random number generation such that generated keys can be easily cracked.

CVE-2025-13470

VCID-w7s3-7ab3-xyeb

Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.

CVE-2023-29480

VCID-x486-a1u1-jqau

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.

CVE-2021-33589

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:22:45.456478+00:00	Debian Importer	Fixing	VCID-t2ak-y8du-pfft	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:38:12.078265+00:00	Debian Importer	Fixing	VCID-w7s3-7ab3-xyeb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:37:29.708130+00:00	Debian Importer	Fixing	VCID-x486-a1u1-jqau	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:34:15.256018+00:00	Debian Importer	Fixing	VCID-eu3v-wzxr-pbd3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:15:44.801624+00:00	Debian Importer	Fixing	VCID-t2ak-y8du-pfft	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T18:15:44.695264+00:00	Debian Importer	Fixing	VCID-eu3v-wzxr-pbd3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:24:48.777970+00:00	Debian Importer	Fixing	VCID-w7s3-7ab3-xyeb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:24:25.399053+00:00	Debian Importer	Fixing	VCID-x486-a1u1-jqau	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:52:05.266426+00:00	Debian Importer	Fixing	VCID-t2ak-y8du-pfft	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:05.225930+00:00	Debian Importer	Fixing	VCID-w7s3-7ab3-xyeb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:05.195145+00:00	Debian Importer	Fixing	VCID-eu3v-wzxr-pbd3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:52:05.163174+00:00	Debian Importer	Fixing	VCID-x486-a1u1-jqau	https://security-tracker.debian.org/tracker/data/json	38.1.0