[security fix] GnuPG 2.2.8 released (CVE-2018-12020)

Ben Finney ben+freesoftware at benfinney.id.au
Fri Jun 8 21:47:15 CEST 2018

Werner Koch <wk at gnupg.org> writes:

> Although GnuPG takes great care to sanitize all diagnostic and status
> output, the case at hand was missed but finally found and reported by
> Marcus Brinkmann.  CVE-2018-12020 was assigned to this bug; GnuPG tracks
> it at <https://dev/gnupg.org/T4012>.

Thank you to Marcus, Werner, and all involved in tracking, describing
for an audience, fixing this bug, and releasing the fix.

 \        “You don't change the world by placidly finding your bliss — |
  `\        you do it by focusing your discontent in productive ways.” |
_o__)                                       —Paul Z. Myers, 2011-08-31 |
Ben Finney <ben at benfinney.id.au>

More information about the Gnupg-users mailing list