Search for packages
Package details: pkg:deb/debian/python-gnupg@0.3.6-1
purl pkg:deb/debian/python-gnupg@0.3.6-1
Next non-vulnerable version 0.4.4-1
Latest non-vulnerable version 0.4.4-1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-f7z6-jm9f-aaap
Aliases:
CVE-2019-6690
GHSA-2fch-jvg5-crf6
GHSA-qh62-ch95-63wh
PYSEC-2019-115
PYSEC-2019-45
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
0.4.4-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-1w6t-r8pu-aaas python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. CVE-2013-7323
GHSA-c2fx-8r76-gh36
PYSEC-2014-89
VCID-hx2x-2bd6-aaag python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. CVE-2014-1929
GHSA-vcr5-xr9h-mvc5
PYSEC-2014-92
VCID-rv7m-a4aw-aaas The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. CVE-2014-1928
GHSA-2jc8-4r6g-282j
PYSEC-2014-91
VCID-swze-zwv1-aaaq The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. CVE-2014-1927
GHSA-r3vr-prwv-86g9
PYSEC-2014-90

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:10:44.129570+00:00 Debian Oval Importer Fixing VCID-hx2x-2bd6-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:53:30.566247+00:00 Debian Oval Importer Fixing VCID-1w6t-r8pu-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:28:51.037283+00:00 Debian Oval Importer Affected by VCID-f7z6-jm9f-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T16:39:20.711314+00:00 Debian Oval Importer Fixing VCID-swze-zwv1-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:37:50.795248+00:00 Debian Oval Importer Fixing VCID-1w6t-r8pu-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:22:53.927445+00:00 Debian Oval Importer Fixing VCID-rv7m-a4aw-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:51:18.804416+00:00 Debian Oval Importer Fixing VCID-hx2x-2bd6-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:36:09.100552+00:00 Debian Oval Importer Affected by VCID-f7z6-jm9f-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T01:23:32.739798+00:00 Debian Oval Importer Fixing VCID-swze-zwv1-aaaq None 36.1.3
2025-06-21T00:41:58.838912+00:00 Debian Oval Importer Fixing VCID-hx2x-2bd6-aaag None 36.1.3
2025-06-21T00:04:57.791976+00:00 Debian Oval Importer Affected by VCID-f7z6-jm9f-aaap None 36.1.3
2025-06-20T23:34:35.977063+00:00 Debian Oval Importer Fixing VCID-rv7m-a4aw-aaas None 36.1.3
2025-06-20T19:44:26.315847+00:00 Debian Oval Importer Fixing VCID-1w6t-r8pu-aaas None 36.1.3
2025-06-08T12:17:11.589129+00:00 Debian Oval Importer Fixing VCID-swze-zwv1-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:39:38.880804+00:00 Debian Oval Importer Fixing VCID-hx2x-2bd6-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:23:17.441506+00:00 Debian Oval Importer Fixing VCID-1w6t-r8pu-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:59:21.578463+00:00 Debian Oval Importer Affected by VCID-f7z6-jm9f-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:24:53.877956+00:00 Debian Oval Importer Fixing VCID-swze-zwv1-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:32:22.594628+00:00 Debian Oval Importer Fixing VCID-1w6t-r8pu-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:15:58.962579+00:00 Debian Oval Importer Fixing VCID-rv7m-a4aw-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:45:32.113402+00:00 Debian Oval Importer Fixing VCID-hx2x-2bd6-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:54:13.001396+00:00 Debian Oval Importer Affected by VCID-f7z6-jm9f-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:46:21.901608+00:00 Debian Oval Importer Fixing VCID-swze-zwv1-aaaq None 36.1.0
2025-06-07T18:04:32.998254+00:00 Debian Oval Importer Fixing VCID-hx2x-2bd6-aaag None 36.1.0
2025-06-07T17:27:43.836187+00:00 Debian Oval Importer Affected by VCID-f7z6-jm9f-aaap None 36.1.0
2025-06-07T16:57:33.111274+00:00 Debian Oval Importer Fixing VCID-rv7m-a4aw-aaas None 36.1.0
2025-06-07T13:37:08.494901+00:00 Debian Oval Importer Fixing VCID-1w6t-r8pu-aaas None 36.1.0
2025-04-12T21:27:19.641061+00:00 Debian Oval Importer Fixing VCID-rv7m-a4aw-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:03:00.276986+00:00 Debian Oval Importer Fixing VCID-swze-zwv1-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:24:19.032649+00:00 Debian Oval Importer Fixing VCID-hx2x-2bd6-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:07:20.978469+00:00 Debian Oval Importer Fixing VCID-1w6t-r8pu-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:42:09.973250+00:00 Debian Oval Importer Affected by VCID-f7z6-jm9f-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T07:57:11.955697+00:00 Debian Oval Importer Fixing VCID-swze-zwv1-aaaq https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:03:47.982413+00:00 Debian Oval Importer Fixing VCID-1w6t-r8pu-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:48:34.019843+00:00 Debian Oval Importer Fixing VCID-rv7m-a4aw-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:17:56.648827+00:00 Debian Oval Importer Fixing VCID-hx2x-2bd6-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:25:23.989246+00:00 Debian Oval Importer Affected by VCID-f7z6-jm9f-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T17:24:11.687106+00:00 Debian Oval Importer Fixing VCID-swze-zwv1-aaaq None 36.0.0
2025-04-07T16:41:38.007229+00:00 Debian Oval Importer Fixing VCID-hx2x-2bd6-aaag None 36.0.0
2025-04-07T16:02:09.633300+00:00 Debian Oval Importer Affected by VCID-f7z6-jm9f-aaap None 36.0.0
2025-04-07T15:30:38.404996+00:00 Debian Oval Importer Fixing VCID-rv7m-a4aw-aaas None 36.0.0
2025-04-07T12:12:33.622709+00:00 Debian Oval Importer Fixing VCID-1w6t-r8pu-aaas None 36.0.0