Search for packages
| purl | pkg:deb/debian/gnupg@1.4.18-7%2Bdeb8u5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-7hrs-wfbd-bbcf | libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. |
CVE-2017-7526
|
| VCID-gcbw-63wa-sqhp |
CVE-2016-6313
|
|
| VCID-p6xn-vjxt-3qcu | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
CVE-2018-12020
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T10:29:53.209865+00:00 | Debian Oval Importer | Fixing | VCID-7hrs-wfbd-bbcf | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 37.0.0 |
| 2025-08-01T10:29:46.612315+00:00 | Debian Oval Importer | Fixing | VCID-gcbw-63wa-sqhp | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 37.0.0 |
| 2025-08-01T10:02:20.558598+00:00 | Debian Oval Importer | Fixing | VCID-p6xn-vjxt-3qcu | https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 | 37.0.0 |