{"id":"MGASA-2018-0292","summary":"Updated gnupg gnupg2 packages fix a security vulnerability","details":"Updated gnupg, gnupg2, and python-gnupg packages fix security vulnerability:\n\nMarcus Brinkmann discovered that during decryption or verification, GnuPG did\nnot properly filter out terminal sequences when reporting the original\nfilename. An attacker could use this to specially craft a file that would\ncause an application parsing GnuPG output to incorrectly interpret the status\nof the cryptographic operation reported by GnuPG (CVE-2018-12020).\n","modified":"2026-04-16T06:26:30.005065735Z","published":"2018-06-19T23:42:28Z","upstream":["CVE-2018-12020"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0292.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23162"},{"type":"WEB","url":"https://neopg.io/blog/gpg-signature-spoof/"},{"type":"WEB","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2018/06/13/10"},{"type":"WEB","url":"https://usn.ubuntu.com/3675-1/"}],"affected":[{"package":{"name":"gnupg","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gnupg?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.19-1.4.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0292.json"}},{"package":{"name":"gnupg2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gnupg2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.27-1.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0292.json"}},{"package":{"name":"python-gnupg","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/python-gnupg?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.6-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0292.json"}},{"package":{"name":"gnupg","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/gnupg?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.23-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0292.json"}},{"package":{"name":"gnupg2","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/gnupg2?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.21-3.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0292.json"}},{"package":{"name":"python-gnupg","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/python-gnupg?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.8-2.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0292.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}