Source: gnupg1
Version: 1.4.21-4
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://dev.gnupg.org/T4012

Hi,

The following vulnerability was published for gnupg1. I'm aware this is only the legacy packages, the issue though is present there and not having the fix in buster will later on represent a regression from updates from stretch. Thus the RC severity as well as reasoning.

CVE-2018-12020[0]:
filename sanitization problem in GnuPG

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-12020
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
[1] https://dev.gnupg.org/T4012

Regards,
Salvatore