[SECURITY] [DLA 2862-1] python-gnupg security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2862-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
December 29, 2021 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : python-gnupg
Version : 0.3.9-1+deb9u1
CVE ID : CVE-2018-12020 CVE-2019-6690
A couple of vulnerabilites were found in python-gnupg, a Python
wrapper for the GNU Privacy Guard.
CVE-2018-12020
Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly
handled certain command line parameters. A remote attacker
could use this to spoof the output of GnuPG and cause unsigned
e-mail to appear signed.
CVE-2019-6690
It was discovered that python-gnupg incorrectly handled the GPG
passphrase. A remote attacker could send a specially crafted
passphrase that would allow them to control the output of
encryption and decryption operations.
For Debian 9 stretch, these problems have been fixed in version
0.3.9-1+deb9u1.
We recommend that you upgrade your python-gnupg packages.
For the detailed security status of python-gnupg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/python-gnupg
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmHLfW0ACgkQgj6WdgbD
S5Y69Q/+MH4ZaPk7ejpyET1B4eGcbs9MO8mQujHlJuYGQJnbS6bD9W6U64+26859
YE8ymF6ljhDaXpAXKhZIUdvGlkKpy87R0jPEVlsHxcti6Vy58imzKiUNpFCtRnLV
nRMz04P8OZ91yRjbERFyGKh2Ckdlc9VlKC2Th2i3tgk0p3Z8/keZee+XzQvSuosJ
ygoGay3oee8IS350XgEz5rkpFVWmgEGFT2Ni1iDKneyxUVHFxeV/owp/HaLHO5Mw
8DI8E2fViTyFRn85c31asHzXdPaUBKpWaVu4kh3Es1tq5/vqaNWodANR1zItMfy/
C6uRfzZhnQhETZvPAqaEMMafNo3h4+8pCRMhjI9NEj9C2Toryf+2AP36wXdXxH9N
d5E8yApLI7jkfiNR06VrYkepgsjzar4PXHnSIbQ/NJNP3PDGjjz4OHS2QwXX8eAC
UeqIFsBaWQXOM/vzhQQKU5tRn57Kwy4379M+Z/wdHpcMhiWTD68OPhvelxJO9pPh
j7Tt7bAqruOe4o0XaIQ5aSLNC2vu3JyZIgGEMK1Skwqna/Alw+3WzK8P+XqIbIii
y1s7EYMrPYOLXAlyYKDBlUaS+s1fZOA+x2IPHVd3jv4MNfl6Fz6kRDzvjI0qmm5p
8vkUgT50cAedICGmkUMB/RS7t6KiP2viM78ke+3Bg9bfl835b1Q=
=ocnN
-----END PGP SIGNATURE-----
Reply to: