Package details: pkg:deb/debian/gnupg2@2.2.12-1%2Bdeb10u2
purl pkg:deb/debian/gnupg2@2.2.12-1%2Bdeb10u2
Next non-vulnerable version 2.2.40-1.1+deb12u1
Latest non-vulnerable version 2.2.40-1.1+deb12u1
Risk 3.4
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-m9c4-h91g-sfgu (Aliases: CVE-2019-14855) | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. | 2.2.27-2+deb11u2 (Affected by 1 other vulnerability.) |
| VCID-r49h-z2st-4kew (Aliases: CVE-2022-34903) | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | 2.2.27-2+deb11u2 (Affected by 1 other vulnerability.) |
Vulnerabilities fixed by this package (1)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-r49h-z2st-4kew | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | CVE-2022-34903 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2025-08-01T18:55:10.644991+00:00 | Debian Oval Importer | Affected by | VCID-m9c4-h91g-sfgu | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T13:52:14.196780+00:00 | Debian Oval Importer | Affected by | VCID-r49h-z2st-4kew | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T11:39:51.973235+00:00 | Debian Oval Importer | Fixing | VCID-r49h-z2st-4kew | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 37.0.0 |