Search for packages
Package details: pkg:alpm/archlinux/gnupg@2.2.7-1
purl pkg:alpm/archlinux/gnupg@2.2.7-1
Next non-vulnerable version 2.2.8-1
Latest non-vulnerable version 2.2.36-1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-4u1u-zxbs-aaag
Aliases:
CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
2.2.8-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-03-28T07:46:02.867013+00:00 Arch Linux Importer Affected by VCID-4u1u-zxbs-aaag https://security.archlinux.org/AVG-713 36.0.0
2024-09-18T02:01:06.878608+00:00 Arch Linux Importer Affected by VCID-4u1u-zxbs-aaag https://security.archlinux.org/AVG-713 34.0.1
2024-01-25T16:07:06.788923+00:00 Arch Linux Importer Affected by VCID-4u1u-zxbs-aaag https://security.archlinux.org/AVG-713 34.0.0rc2
2024-01-03T22:27:22.698840+00:00 Arch Linux Importer Affected by VCID-4u1u-zxbs-aaag https://security.archlinux.org/AVG-713 34.0.0rc1