VulnerableCode Package Details - pkg:alpm/archlinux/gnupg@2.2.8-1

Search for packages

Package details: pkg:alpm/archlinux/gnupg@2.2.8-1

Essentials
History (4)

purl	pkg:alpm/archlinux/gnupg@2.2.8-1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-4u1u-zxbs-aaag	mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.	CVE-2018-12020

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:46:02.871932+00:00	Arch Linux Importer	Fixing	VCID-4u1u-zxbs-aaag	https://security.archlinux.org/AVG-713	36.0.0
2024-09-18T02:01:06.883550+00:00	Arch Linux Importer	Fixing	VCID-4u1u-zxbs-aaag	https://security.archlinux.org/AVG-713	34.0.1
2024-01-25T16:07:06.793620+00:00	Arch Linux Importer	Fixing	VCID-4u1u-zxbs-aaag	https://security.archlinux.org/AVG-713	34.0.0rc2
2024-01-03T22:27:22.703481+00:00	Arch Linux Importer	Fixing	VCID-4u1u-zxbs-aaag	https://security.archlinux.org/AVG-713	34.0.0rc1