Search for packages
Package details: pkg:deb/debian/gnupg@1.4.9-3%2Blenny1
purl pkg:deb/debian/gnupg@1.4.9-3%2Blenny1
Next non-vulnerable version 1.4.18-7+deb8u5
Latest non-vulnerable version 1.4.18-7+deb8u5
Risk 4.0
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-4s5w-7qf5-aaak
Aliases:
CVE-2015-0837
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
1.4.12-7+deb7u7
Affected by 5 other vulnerabilities.
VCID-4u1u-zxbs-aaag
Aliases:
CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
1.4.18-7+deb8u5
Affected by 0 other vulnerabilities.
VCID-5tp1-furh-aaak
Aliases:
CVE-2015-1606
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
1.4.12-7+deb7u7
Affected by 5 other vulnerabilities.
VCID-aab3-a7kh-aaah
Aliases:
CVE-2013-4242
CVE-2013-4242 GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
1.4.12-7+deb7u4
Affected by 7 other vulnerabilities.
VCID-fan4-zdcw-aaam
Aliases:
CVE-2016-6313
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
1.4.18-7+deb8u5
Affected by 0 other vulnerabilities.
VCID-j5xr-gu26-aaah
Aliases:
CVE-2013-4576
CVE-2013-4576 gnupg: RSA secret key recovery via acoustic cryptanalysis
1.4.12-7+deb7u4
Affected by 7 other vulnerabilities.
VCID-pbke-pe96-aaad
Aliases:
CVE-2013-4351
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.
1.4.12-7+deb7u4
Affected by 7 other vulnerabilities.
VCID-qvrp-3wjr-aaaq
Aliases:
CVE-2013-4402
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
1.4.12-7+deb7u4
Affected by 7 other vulnerabilities.
VCID-sjza-hk7v-aaag
Aliases:
CVE-2014-5270
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
1.4.12-7+deb7u7
Affected by 5 other vulnerabilities.
1.4.18-6
Affected by 4 other vulnerabilities.
VCID-vavn-12uu-aaan
Aliases:
CVE-2017-7526
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.
1.4.18-7+deb8u5
Affected by 0 other vulnerabilities.
VCID-vx9d-bz2m-aaan
Aliases:
CVE-2014-3591
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
1.4.12-7+deb7u7
Affected by 5 other vulnerabilities.
1.4.18-7
Affected by 3 other vulnerabilities.
VCID-xh3w-3nre-aaan
Aliases:
CVE-2014-4617
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
1.4.12-7+deb7u4
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T10:07:47.036490+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T10:07:40.136680+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:40:25.499681+00:00 Debian Oval Importer Affected by VCID-4u1u-zxbs-aaag https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:27:35.678077+00:00 Debian Oval Importer Affected by VCID-pbke-pe96-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:22:21.702912+00:00 Debian Oval Importer Affected by VCID-qvrp-3wjr-aaaq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:20:27.296821+00:00 Debian Oval Importer Affected by VCID-5tp1-furh-aaak https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:19:53.333248+00:00 Debian Oval Importer Affected by VCID-j5xr-gu26-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:12:08.274702+00:00 Debian Oval Importer Affected by VCID-aab3-a7kh-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:10:28.808831+00:00 Debian Oval Importer Affected by VCID-xh3w-3nre-aaan https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:03:39.151002+00:00 Debian Oval Importer Affected by VCID-sjza-hk7v-aaag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T09:00:13.413881+00:00 Debian Oval Importer Affected by VCID-4s5w-7qf5-aaak https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T08:59:14.962571+00:00 Debian Oval Importer Affected by VCID-vx9d-bz2m-aaan https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-20T19:52:06.006568+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam None 36.1.3
2025-06-20T19:41:16.212695+00:00 Debian Oval Importer Affected by VCID-4u1u-zxbs-aaag None 36.1.3
2025-06-20T19:39:03.659232+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan None 36.1.3
2025-06-20T19:33:42.176490+00:00 Debian Oval Importer Affected by VCID-aab3-a7kh-aaah None 36.1.3
2025-06-20T19:30:34.859447+00:00 Debian Oval Importer Affected by VCID-vx9d-bz2m-aaan None 36.1.3
2025-06-20T19:29:33.055013+00:00 Debian Oval Importer Affected by VCID-pbke-pe96-aaad None 36.1.3
2025-06-20T19:26:48.320912+00:00 Debian Oval Importer Affected by VCID-sjza-hk7v-aaag None 36.1.3
2025-06-20T19:24:14.581175+00:00 Debian Oval Importer Affected by VCID-j5xr-gu26-aaah None 36.1.3
2025-06-20T19:22:56.153607+00:00 Debian Oval Importer Affected by VCID-xh3w-3nre-aaan None 36.1.3
2025-06-08T03:56:58.439318+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:56:52.043132+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:29:04.256296+00:00 Debian Oval Importer Affected by VCID-4u1u-zxbs-aaag https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:15:44.566084+00:00 Debian Oval Importer Affected by VCID-pbke-pe96-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T03:10:13.650095+00:00 Debian Oval Importer Affected by VCID-qvrp-3wjr-aaaq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T03:08:17.196875+00:00 Debian Oval Importer Affected by VCID-5tp1-furh-aaak https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T03:07:43.730727+00:00 Debian Oval Importer Affected by VCID-j5xr-gu26-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:59:39.136832+00:00 Debian Oval Importer Affected by VCID-aab3-a7kh-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:57:53.944807+00:00 Debian Oval Importer Affected by VCID-xh3w-3nre-aaan https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:50:39.432952+00:00 Debian Oval Importer Affected by VCID-sjza-hk7v-aaag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:47:03.430742+00:00 Debian Oval Importer Affected by VCID-4s5w-7qf5-aaak https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-08T02:45:59.365448+00:00 Debian Oval Importer Affected by VCID-vx9d-bz2m-aaan https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-07T13:43:32.994705+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam None 36.1.0
2025-06-07T13:34:45.033818+00:00 Debian Oval Importer Affected by VCID-4u1u-zxbs-aaag None 36.1.0
2025-06-07T13:33:18.842327+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan None 36.1.0
2025-06-07T13:29:36.847975+00:00 Debian Oval Importer Affected by VCID-aab3-a7kh-aaah None 36.1.0
2025-06-07T13:27:21.428562+00:00 Debian Oval Importer Affected by VCID-vx9d-bz2m-aaan None 36.1.0
2025-06-07T13:26:32.519666+00:00 Debian Oval Importer Affected by VCID-pbke-pe96-aaad None 36.1.0
2025-06-07T13:24:41.676154+00:00 Debian Oval Importer Affected by VCID-sjza-hk7v-aaag None 36.1.0
2025-06-07T13:22:48.301918+00:00 Debian Oval Importer Affected by VCID-j5xr-gu26-aaah None 36.1.0
2025-06-07T13:21:47.779930+00:00 Debian Oval Importer Affected by VCID-xh3w-3nre-aaan None 36.1.0
2025-06-03T13:25:48.911325+00:00 Debian Oval Importer Affected by VCID-pbke-pe96-aaad None 36.1.2
2025-06-03T13:23:58.867409+00:00 Debian Oval Importer Affected by VCID-sjza-hk7v-aaag None 36.1.2
2025-06-03T13:22:10.872947+00:00 Debian Oval Importer Affected by VCID-j5xr-gu26-aaah None 36.1.2
2025-06-03T13:21:11.028270+00:00 Debian Oval Importer Affected by VCID-xh3w-3nre-aaan None 36.1.2
2025-04-08T02:24:55.160713+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T02:24:48.472764+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:56:30.469756+00:00 Debian Oval Importer Affected by VCID-4u1u-zxbs-aaag https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:43:10.827907+00:00 Debian Oval Importer Affected by VCID-pbke-pe96-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:37:34.537828+00:00 Debian Oval Importer Affected by VCID-qvrp-3wjr-aaaq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:35:34.129795+00:00 Debian Oval Importer Affected by VCID-5tp1-furh-aaak https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:34:58.871475+00:00 Debian Oval Importer Affected by VCID-j5xr-gu26-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:26:45.963912+00:00 Debian Oval Importer Affected by VCID-aab3-a7kh-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:25:01.998315+00:00 Debian Oval Importer Affected by VCID-xh3w-3nre-aaan https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:17:52.496963+00:00 Debian Oval Importer Affected by VCID-sjza-hk7v-aaag https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:14:12.890610+00:00 Debian Oval Importer Affected by VCID-4s5w-7qf5-aaak https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-08T01:13:11.724988+00:00 Debian Oval Importer Affected by VCID-vx9d-bz2m-aaan https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-07T12:18:49.762026+00:00 Debian Oval Importer Affected by VCID-fan4-zdcw-aaam None 36.0.0
2025-04-07T12:10:10.541599+00:00 Debian Oval Importer Affected by VCID-4u1u-zxbs-aaag None 36.0.0
2025-04-07T12:08:44.593339+00:00 Debian Oval Importer Affected by VCID-vavn-12uu-aaan None 36.0.0
2025-04-07T12:05:04.590631+00:00 Debian Oval Importer Affected by VCID-aab3-a7kh-aaah None 36.0.0
2025-04-07T12:02:52.820848+00:00 Debian Oval Importer Affected by VCID-vx9d-bz2m-aaan None 36.0.0
2025-04-07T12:02:03.583242+00:00 Debian Oval Importer Affected by VCID-pbke-pe96-aaad None 36.0.0
2025-04-07T12:00:11.942699+00:00 Debian Oval Importer Affected by VCID-sjza-hk7v-aaag None 36.0.0
2025-04-07T11:58:19.385443+00:00 Debian Oval Importer Affected by VCID-j5xr-gu26-aaah None 36.0.0
2025-04-07T11:57:18.182708+00:00 Debian Oval Importer Affected by VCID-xh3w-3nre-aaan None 36.0.0
2024-10-05T11:42:59.483103+00:00 Debian Oval Importer Affected by VCID-aab3-a7kh-aaah https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 34.0.1