Search for packages
| purl | pkg:deb/debian/gnupg2@2.2.27-2%2Bdeb11u2 |
| Next non-vulnerable version | 2.2.40-1.1+deb12u1 |
| Latest non-vulnerable version | 2.4.7-17 |
| Risk | 1.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jv84-26c2-5fdx
Aliases: CVE-2025-30258 |
gnupg: verification DoS due to a malicious subkey in the keyring |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-ey5p-3qp3-aaam | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. |
CVE-2022-34903
|
| VCID-m3q4-wftu-aaaa | A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. |
CVE-2019-14855
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T09:14:08.751911+00:00 | Debian Importer | Affected by | VCID-jv84-26c2-5fdx | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T06:04:25.664084+00:00 | Debian Oval Importer | Fixing | VCID-m3q4-wftu-aaaa | None | 36.1.3 |
| 2025-06-21T03:19:56.984721+00:00 | Debian Oval Importer | Fixing | VCID-ey5p-3qp3-aaam | None | 36.1.3 |
| 2025-06-20T21:25:58.966927+00:00 | Debian Importer | Fixing | VCID-m3q4-wftu-aaaa | None | 36.1.3 |
| 2025-06-20T21:03:12.987423+00:00 | Debian Importer | Fixing | VCID-m3q4-wftu-aaaa | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-08T12:06:53.195401+00:00 | Debian Oval Importer | Fixing | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-07T23:43:10.716337+00:00 | Debian Oval Importer | Fixing | VCID-m3q4-wftu-aaaa | None | 36.1.0 |
| 2025-06-07T20:52:59.610216+00:00 | Debian Oval Importer | Fixing | VCID-ey5p-3qp3-aaam | None | 36.1.0 |
| 2025-06-05T14:46:05.757463+00:00 | Debian Importer | Fixing | VCID-m3q4-wftu-aaaa | https://security-tracker.debian.org/tracker/data/json | 36.1.0 |
| 2025-04-12T21:39:24.983048+00:00 | Debian Oval Importer | Fixing | VCID-m3q4-wftu-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:52:24.400427+00:00 | Debian Oval Importer | Fixing | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-07T22:15:15.966475+00:00 | Debian Oval Importer | Fixing | VCID-m3q4-wftu-aaaa | None | 36.0.0 |
| 2025-04-07T19:23:33.043005+00:00 | Debian Oval Importer | Fixing | VCID-ey5p-3qp3-aaam | None | 36.0.0 |
| 2025-04-05T19:50:13.415952+00:00 | Debian Importer | Affected by | VCID-jv84-26c2-5fdx | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T00:03:30.122097+00:00 | Debian Importer | Fixing | VCID-m3q4-wftu-aaaa | None | 36.0.0 |
| 2025-04-03T23:43:45.207647+00:00 | Debian Importer | Fixing | VCID-m3q4-wftu-aaaa | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-02-19T06:50:46.521289+00:00 | Debian Importer | Fixing | VCID-m3q4-wftu-aaaa | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T06:50:44.348648+00:00 | Debian Importer | Fixing | VCID-m3q4-wftu-aaaa | None | 35.1.0 |
| 2024-04-24T14:34:48.452763+00:00 | Debian Importer | Fixing | VCID-m3q4-wftu-aaaa | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T14:34:46.019639+00:00 | Debian Importer | Fixing | VCID-m3q4-wftu-aaaa | None | 34.0.0rc4 |