[pkg-gnupg-maint] Bug#901088: gnupg1: CVE-2018-12020: filename sanitization problem in GnuPG
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 8 21:10:31 BST 2018
Source: gnupg1
Version: 1.4.21-4
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://dev.gnupg.org/T4012

Hi,

The following vulnerability was published for gnupg1. I'm aware this
is only the legacy packages, the issue though is present there and not
having the fix in buster will later on represent a regression from
updates from stretch. Thus the RC severity as well as reasoning.

CVE-2018-12020[0]:
filename sanitization problem in GnuPG

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-12020
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
[1] https://dev.gnupg.org/T4012

Regards,
Salvatore