rpm package
opensuse/python-python-gnupg&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-python-gnupg&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-6690 | — | < 0.5.2-1.5 | 0.5.2-1.5 | Mar 17, 2019 | python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation | ||
| CVE-2018-12020 | — | < 0.5.2-1.5 | 0.5.2-1.5 | Jun 8, 2018 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP da |
- CVE-2019-6690Mar 17, 2019affected < 0.5.2-1.5fixed 0.5.2-1.5
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation
- CVE-2018-12020Jun 8, 2018affected < 0.5.2-1.5fixed 0.5.2-1.5
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP da