security update in Fedora 27 for gnupg

Status: stable a year ago
  • New upstream v1.4.23 (#1589802,#1589620,#1589624)
  • Remove patches included in upstream release
  • Note that this includes the fix for [CVE-2018-12020]

  • doc Remove documentation for future option faked sys
  • build Don't use dev srandom on OpenBSD
  • Do not use C99 feature
  • g10 Fix regexp sanitization
  • g10 Push compress filter only if compressed
  • gpg Sanitize diagnostic with the original file name [CVE-2018-12020]

How to install

sudo dnf upgrade --advisory=FEDORA-2018-69780fc4d7

Comments 9

This update has been submitted for testing by bcl.

This update has obsoleted gnupg-1.4.22-4.fc27, and has inherited its bugs and notes.

This update has been pushed to testing.

works for me in a VM

karma: +1

no regressions noted

karma: +1

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes


karma: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Autopush (time)
submitted a year ago
in testing a year ago
in stable a year ago

Related Bugs 2

00 #1589624 CVE-2018-12020 gnupg: gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification [fedora-all]
00 #1589802 gnupg-1.4.23 is available

Automated Test Results