GnuPG 1.4.23 released on 2018-06-11, addresses CVE-2017-7526
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnupg (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
According to the information at the GnuPG Web site (https:/
https:/
https:/
In addition, according to the information on the GnuPG news page (https:/
https:/
https:/
On the same page, it is mentioned that GnuPG 1.4.21 was released around 2016-08-17 to address the issue in CVE-2016-6313.
https:/
https:/
The changelog for the gnupg package version 1.4.20-1ubuntu3.2 mentions fixes for CVE-2018-12020 and CVE-2016-6313. There is no mention of CVE-2017-7526.
http://
Your attention to this issue is appreciated.
CVE References
information type: | Private Security → Public Security |
Changed in gnupg (Ubuntu): | |
importance: | Undecided → Medium |
Thank you for your attention to detail. CVE-2017-7526 was fixed in USN-3347-1 and -2 by patching the libgcrypt20 and libgcrypt11 source packages:
https:/ /usn.ubuntu. com/3347- 1/ /usn.ubuntu. com/3347- 2/
https:/
You can track our work per-cve on https:/ /people. canonical. com/~ubuntu- security/ cve/2017/ CVE-2017- 7526.html and similar pages, which will show the source packages that may be affected by any given CVE.
Thanks