UbuntuUpdates.org

Package "python-gnupg"

Name: python-gnupg

Description:

Python wrapper for the GNU Privacy Guard (Python 2.x)

Latest version: 0.4.1-1ubuntu1.18.04.1
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: https://bitbucket.org/vinay.sajip/python-gnupg

Links


Download "python-gnupg"


Other versions of "python-gnupg" in Bionic

Repository Area Version
base universe 0.4.1-1ubuntu1
security universe 0.4.1-1ubuntu1.18.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.4.1-1ubuntu1.18.04.1 2019-05-02 16:07:46 UTC

  python-gnupg (0.4.1-1ubuntu1.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Improper input validation
    - debian/patches/CVE-2019-6690-1.patch: Added checks to disallow
      newline-type characters in passphrases.
    - debian/patches/CVE-2019-6690-2.patch: Expand passphrase check to include
      NUL bytes.
    - CVE-2019-6690
  * SECURITY UPDATE: Fake verification status of signed mail
    - debian/patches/CVE-2018-12020.patch: Added --no-verbose to the gpg
      command line
    - CVE-2018-12020

 -- Mike Salvatore <email address hidden> Tue, 30 Apr 2019 11:14:17 -0400

CVE-2019-6690 python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase
CVE-2018-12020 mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof



About   -   Send Feedback to @ubuntu_updates