VulnerableCode Package Details - pkg:deb/debian/gnupg@1.4.9-3%2Blenny1

Search for packages

Package details: pkg:deb/debian/gnupg@1.4.9-3%2Blenny1

Essentials
History (12)

purl	pkg:deb/debian/gnupg@1.4.9-3%2Blenny1

Next non-vulnerable version	1.4.18-7+deb8u5
Latest non-vulnerable version	1.4.18-7+deb8u5
Risk	4.0

Vulnerabilities affecting this package (12)

Vulnerability	Summary	Fixed by
VCID-1zf7-khmk-6kax Aliases: CVE-2013-4242		1.4.12-7+deb7u4 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7czy-2y37-d7bg Aliases: CVE-2013-4402		1.4.12-7+deb7u4 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7hrs-wfbd-bbcf Aliases: CVE-2017-7526	libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.	1.4.18-7+deb8u5 Affected by 0 other vulnerabilities.
VCID-7qw9-vefx-p7g2 Aliases: CVE-2014-4617		1.4.12-7+deb7u4 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-9hja-pfy5-hfh6 Aliases: CVE-2015-0837	The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."	1.4.12-7+deb7u7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gcbw-63wa-sqhp Aliases: CVE-2016-6313		1.4.18-7+deb8u5 Affected by 0 other vulnerabilities.
VCID-jke4-qk8u-8bcm Aliases: CVE-2014-5270		1.4.12-7+deb7u7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mgnk-r26g-hbhc Aliases: CVE-2013-4576		1.4.12-7+deb7u4 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p649-eevs-abhw Aliases: CVE-2014-3591	Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.	1.4.12-7+deb7u7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p6xn-vjxt-3qcu Aliases: CVE-2018-12020	mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.	1.4.18-7+deb8u5 Affected by 0 other vulnerabilities.
VCID-vt39-dedw-nkec Aliases: CVE-2015-1606	The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.	1.4.12-7+deb7u7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-w1j5-xx92-q7e5 Aliases: CVE-2013-4351		1.4.12-7+deb7u4 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T10:29:53.176547+00:00	Debian Oval Importer	Affected by	VCID-7hrs-wfbd-bbcf	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	37.0.0
2025-08-01T10:29:46.577114+00:00	Debian Oval Importer	Affected by	VCID-gcbw-63wa-sqhp	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	37.0.0
2025-08-01T10:02:20.521010+00:00	Debian Oval Importer	Affected by	VCID-p6xn-vjxt-3qcu	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	37.0.0
2025-08-01T09:49:13.885308+00:00	Debian Oval Importer	Affected by	VCID-w1j5-xx92-q7e5	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:43:55.107210+00:00	Debian Oval Importer	Affected by	VCID-7czy-2y37-d7bg	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:41:48.601153+00:00	Debian Oval Importer	Affected by	VCID-vt39-dedw-nkec	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:41:14.407341+00:00	Debian Oval Importer	Affected by	VCID-mgnk-r26g-hbhc	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:33:22.294205+00:00	Debian Oval Importer	Affected by	VCID-1zf7-khmk-6kax	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:31:42.663430+00:00	Debian Oval Importer	Affected by	VCID-7qw9-vefx-p7g2	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:24:47.472456+00:00	Debian Oval Importer	Affected by	VCID-jke4-qk8u-8bcm	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:21:20.641326+00:00	Debian Oval Importer	Affected by	VCID-9hja-pfy5-hfh6	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0
2025-08-01T09:20:21.551024+00:00	Debian Oval Importer	Affected by	VCID-p649-eevs-abhw	https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2	37.0.0