Debian Security Tracker says that Debian's v2.0.x is affected:
https://security-tracker.debian.org/tracker/CVE-2018-12020. Most likely
ours is as well. There are two ways forward. Bumping our GnuPG to 2.2.8,
or rebase our current stream to Debian jessie v2.0.26-6+deb8u2.
Michal
On 06/09/18
Hi all,
I just saw that GnuPG announced the new version 2.2.8
(https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html).
I am not sure whether our GnuPG 2.0.30 is effected by this vulnerability.
According to https://www.gnupg.org/download 2.0.x is eol'd 31.12.2017.
So, do we need a
