ELA-5-1 gnupg security update

insufficient input sanitisation

2018-06-23
Package: gnupg
Version: 1.4.12-7+deb7u10
Related CVEs: CVE-2018-12020


Marcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.

Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
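
The class of bug described above, shown on a made-up line-oriented status format. This is an added example, not GnuPG's code; the `[STATUS]` prefix, the keywords and the sample file name are constructed for illustration. It contrasts writing an untrusted file name verbatim with escaping it first, so the name cannot begin a new status record.

```python
import re

# Hypothetical status channel: one "[STATUS] KEYWORD args" record per line.
# The prefix and keywords are made up for this example; they are not GnuPG's.
PREFIX = "[STATUS] "

def escape_field(value: str) -> str:
    """Percent-escape C0 control characters (CR and LF included), DEL and '%'
    so an untrusted value can never end the current record or start a new one."""
    return re.sub(r"[\x00-\x1f\x7f%]", lambda m: "%%%02X" % ord(m.group()), value)

def unescape_field(value: str) -> str:
    """Inverse of escape_field, for consumers that need the original name."""
    return re.sub(r"%([0-9A-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def emit_unsafe(keyword: str, filename: str) -> str:
    # Flawed pattern: the untrusted file name is written verbatim.
    return f"{PREFIX}{keyword} {filename}\n"

def emit_safe(keyword: str, filename: str) -> str:
    # Hardened pattern: the file name is escaped before it reaches the channel.
    return f"{PREFIX}{keyword} {escape_field(filename)}\n"

def parse_keywords(stream: str) -> list:
    """Consumer side: keyword of every status record, splitting on LF only."""
    return [line[len(PREFIX):].split(" ", 1)[0]
            for line in stream.split("\n") if line.startswith(PREFIX)]

# Constructed sample: a file name carrying an embedded line feed.
SAMPLE_NAME = "report.txt\n[STATUS] SIG_OK alice"

if __name__ == "__main__":
    print(parse_keywords(emit_unsafe("PLAINTEXT_NAME", SAMPLE_NAME)))
    print(parse_keywords(emit_safe("PLAINTEXT_NAME", SAMPLE_NAME)))
```

With the verbatim writer the consumer sees two records, one of which the producer never issued; with escaping it sees only the genuine one and can still recover the exact file name.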



For Debian 7 Wheezy, this problem has been fixed in version 1.4.12-7+deb7u10.

We recommend that you upgrade your gnupg packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.