How to detect patched versus bugged gpg binary

Mike Ingle mike at
Tue Sep 6 06:43:13 CEST 2016

Question about GPG versions:

Due to CVE-2016-6313, I put out a new version of Confidant Mail where the
Windows and Mac binaries include GPG 1.4.21. I also put in a pop-up dialog
to warn if someone uses it with a pre-1.4.21 version of GPG. However,
Debian and Tails 2.6rc1 have patched 1.4.18 instead of using 1.4.21, and
gpg --version does not show the patch level. Is there any call to gpg that
will display the Debian patch level and tell me if the version I'm using is
fixed or not?

If not, I'm either going to have to remove the pop-up warning, or rely on
calling dpkg to ask the version.
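
The fallback described in the message above (trust the upstream number from `gpg --version` when it is 1.4.21 or later, otherwise ask dpkg for the package version), as an added Python example that is not part of the original post or of Confidant Mail. The package name `gnupg`, the function names and the value of `FIXED_PKG` are assumptions; the real fixed package version has to be taken from the distribution's security advisory.

```python
import re
import subprocess
from itertools import zip_longest

UPSTREAM_FIXED = (1, 4, 21)              # first fixed upstream release, per the post
SAMPLE_OUTPUT = "gpg (GnuPG) 1.4.18\n"   # constructed `gpg --version` first line
FIXED_PKG = "1.4.18-0+fixed1"            # constructed placeholder, not a real version

def _order(c):  # dpkg rank of a non-digit: '~' first, then letters, then the rest
    return -1 if c == "~" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):  # compare one component as alternating text/number runs
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for ca, cb in zip_longest(map(_order, na), map(_order, nb), fillvalue=0):
            if ca != cb:
                return -1 if ca < cb else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_compare(a, b):  # <0, 0, >0 for Debian versions [epoch:]upstream[-revision]
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def installed_pkg_version(pkg="gnupg"):  # package name is an assumption
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", pkg],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None  # no dpkg here, or the package is not installed
    return out.strip() or None

def gpg_is_fixed(version_output, pkg_version=None, fixed_pkg_version=None):
    m = re.search(r"^gpg \(GnuPG\) (\d+)\.(\d+)\.(\d+)", version_output, re.M)
    if not m or m.group(1, 2) != ("1", "4"):
        return None  # not a 1.4.x binary: this check does not cover it
    if tuple(map(int, m.groups())) >= UPSTREAM_FIXED:
        return True  # upstream number alone is enough
    if pkg_version and fixed_pkg_version:
        return deb_compare(pkg_version, fixed_pkg_version) >= 0  # distro backport
    return False  # old upstream number and no package evidence: warn
```

On Debian-based systems, pass `installed_pkg_version()` as `pkg_version`; where dpkg is absent it returns `None` and the upstream number alone decides.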


