VulnerableCode Package Details - pkg:deb/debian/gnupg2@2.0.26-6

Search for packages

Package details: pkg:deb/debian/gnupg2@2.0.26-6

Essentials
History (54)

purl	pkg:deb/debian/gnupg2@2.0.26-6

Next non-vulnerable version	2.2.40-1.1+deb12u1
Latest non-vulnerable version	2.4.7-17
Risk	4.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-4u1u-zxbs-aaag Aliases: CVE-2018-12020	mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.	2.0.26-6+deb8u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.1.18-8~deb9u4 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.12-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bv5h-ayrs-aaan Aliases: CVE-2018-1000858	GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.	2.2.12-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ey5p-3qp3-aaam Aliases: CVE-2022-34903	GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.	2.2.12-1+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.27-2+deb11u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gkq6-68mx-aaak Aliases: CVE-2018-9234	GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.	2.2.12-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-m3q4-wftu-aaaa Aliases: CVE-2019-14855	A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.	2.2.12-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.20-1~bpo9+1 Affected by 0 other vulnerabilities. 2.2.27-2~bpo10+1 Affected by 0 other vulnerabilities. 2.2.27-2+deb11u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-5tp1-furh-aaak	The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.	CVE-2015-1606
VCID-sjc5-hg88-aaaa	kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."	CVE-2015-1607

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T17:52:54.999034+00:00	Debian Oval Importer	Fixing	VCID-5tp1-furh-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T17:32:48.630752+00:00	Debian Oval Importer	Fixing	VCID-sjc5-hg88-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T16:35:57.384543+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T15:44:03.775747+00:00	Debian Oval Importer	Affected by	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T14:11:52.631302+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:57:15.327153+00:00	Debian Oval Importer	Affected by	VCID-gkq6-68mx-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:05:42.656343+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.3
2025-06-21T10:02:38.208491+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.3
2025-06-21T06:04:25.649250+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.1.3
2025-06-21T00:24:25.291877+00:00	Debian Oval Importer	Fixing	VCID-5tp1-furh-aaak	None	36.1.3
2025-06-21T00:16:54.389901+00:00	Debian Oval Importer	Affected by	VCID-bv5h-ayrs-aaan	None	36.1.3
2025-06-20T23:57:43.877582+00:00	Debian Oval Importer	Affected by	VCID-gkq6-68mx-aaak	None	36.1.3
2025-06-20T21:53:52.186649+00:00	Debian Oval Importer	Fixing	VCID-sjc5-hg88-aaaa	None	36.1.3
2025-06-20T20:23:27.738512+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	None	36.1.3
2025-06-20T19:50:36.575707+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	None	36.1.3
2025-06-08T13:13:31.447132+00:00	Debian Oval Importer	Affected by	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T12:06:53.176502+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T10:24:45.307880+00:00	Debian Oval Importer	Fixing	VCID-5tp1-furh-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T10:08:43.257893+00:00	Debian Oval Importer	Fixing	VCID-sjc5-hg88-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T09:21:37.013898+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T08:37:54.592292+00:00	Debian Oval Importer	Affected by	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T07:05:14.848972+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:51:24.828599+00:00	Debian Oval Importer	Affected by	VCID-gkq6-68mx-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:35:14.722436+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.1.0
2025-06-08T03:51:45.841758+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.1.0
2025-06-07T23:43:10.703227+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.1.0
2025-06-07T17:47:13.264182+00:00	Debian Oval Importer	Fixing	VCID-5tp1-furh-aaak	None	36.1.0
2025-06-07T17:39:48.027513+00:00	Debian Oval Importer	Affected by	VCID-bv5h-ayrs-aaan	None	36.1.0
2025-06-07T17:20:37.894219+00:00	Debian Oval Importer	Affected by	VCID-gkq6-68mx-aaak	None	36.1.0
2025-06-07T15:17:14.330187+00:00	Debian Oval Importer	Fixing	VCID-sjc5-hg88-aaaa	None	36.1.0
2025-06-07T13:58:51.950327+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	None	36.1.0
2025-06-07T13:42:02.237176+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	None	36.1.0
2025-04-12T22:39:32.222573+00:00	Debian Oval Importer	Affected by	VCID-gkq6-68mx-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:37:31.741552+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T22:26:06.501378+00:00	Debian Oval Importer	Fixing	VCID-5tp1-furh-aaak	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:39:24.953446+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:54:13.056830+00:00	Debian Oval Importer	Fixing	VCID-sjc5-hg88-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:01:22.032763+00:00	Debian Oval Importer	Affected by	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T17:52:24.370308+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:05:53.420953+00:00	Debian Oval Importer	Fixing	VCID-5tp1-furh-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-12T15:49:30.784912+00:00	Debian Oval Importer	Fixing	VCID-sjc5-hg88-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:53:51.637060+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:09:20.854185+00:00	Debian Oval Importer	Affected by	VCID-bv5h-ayrs-aaan	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:37:52.237086+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:23:53.353069+00:00	Debian Oval Importer	Affected by	VCID-gkq6-68mx-aaak	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:05:51.241790+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	36.0.0
2025-04-08T02:19:35.701427+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	36.0.0
2025-04-07T22:15:15.933303+00:00	Debian Oval Importer	Affected by	VCID-m3q4-wftu-aaaa	None	36.0.0
2025-04-07T16:23:40.106775+00:00	Debian Oval Importer	Fixing	VCID-5tp1-furh-aaak	None	36.0.0
2025-04-07T16:14:43.129341+00:00	Debian Oval Importer	Affected by	VCID-bv5h-ayrs-aaan	None	36.0.0
2025-04-07T15:54:39.476250+00:00	Debian Oval Importer	Affected by	VCID-gkq6-68mx-aaak	None	36.0.0
2025-04-07T13:48:44.793639+00:00	Debian Oval Importer	Fixing	VCID-sjc5-hg88-aaaa	None	36.0.0
2025-04-07T12:33:21.772612+00:00	Debian Oval Importer	Affected by	VCID-ey5p-3qp3-aaam	None	36.0.0
2025-04-07T12:17:21.145186+00:00	Debian Oval Importer	Affected by	VCID-4u1u-zxbs-aaag	None	36.0.0