-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-4372-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 26, 2019
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-HTML-INJECTION-MAILTO-LINK-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program
[+]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
CVE-2019-6690: Improper Input Validation in python-gnupg
We discovered a way to inject data through the passphrase property of
the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods when