VulnerableCode Package Details - pkg:deb/ubuntu/python-gnupg@0.4.1-1ubuntu1.18.04.1

Search for packages

Package details: pkg:deb/ubuntu/python-gnupg@0.4.1-1ubuntu1.18.04.1

Essentials
History (0)

purl	pkg:deb/ubuntu/python-gnupg@0.4.1-1ubuntu1.18.04.1

Next non-vulnerable version	0.4.3-1ubuntu1
Latest non-vulnerable version	0.4.3-1ubuntu1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-4u1u-zxbs-aaag Aliases: CVE-2018-12020	mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.	0.4.3-1ubuntu1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-f7z6-jm9f-aaap	python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.	CVE-2019-6690 GHSA-2fch-jvg5-crf6 GHSA-qh62-ch95-63wh PYSEC-2019-115 PYSEC-2019-45

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version