Univention Bugzilla – Bug 54287
python-gnupg: Multiple issues (4.4)
Last modified: 2022-01-05 17:58:57 CET
New Debian python-gnupg 0.3.9-1+deb9u1 fixes:

This update addresses the following issues:
* Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)
* Improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt() (CVE-2019-6690)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/python-gnupg_0.3.9-1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/python-gnupg_0.3.9-1+deb9u1.dsc @@ -1,3 +1,10 @@ +0.3.9-1+deb9u1 [Wed, 29 Dec 2021 00:31:51 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Add patch to add checks to disallow newline-type + characters in passphrases. (Fixes: CVE-2019-6690) + * Add patch to add --no-verbose to the gpg command + line. (Fixes: CVE-2018-12020) + 0.3.9-1 [Fri, 21 Oct 2016 15:23:17 +0200] Elena Grandi <valhalla-d@trueelena.org>: * Removed patches merged upstream. <http://piuparts.knut.univention.de/4.4-8/#6150706320130779326>
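Review bot: In the 0.3.9-1+deb9u1 changelog entry, "newline-type characters" does not say which characters the new passphrase check rejects, and neither item names the patch file it adds. The advisory text describes CVE-2019-6690 as improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt(), while the entry mentions only passphrases, so it would help to state which call paths the check covers. Listing the rejected characters and the patch file names in both items would let a reader confirm the CVE-2019-6690 and CVE-2018-12020 fixes against the source package.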
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1141>