Debian Package Tracker

general

source: gnupg2 (main)
version: 2.2.20-1
maintainer: Debian GnuPG Maintainers (archive) (DMD)
uploaders: Eric Dorland [DMD] – Daniel Kahn Gillmor [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.0.26-6+deb8u2
o-o-sec: 2.0.26-6+deb8u2
oldstable: 2.1.18-8~deb9u4
old-sec: 2.1.18-8~deb9u2
old-bpo: 2.2.12-1+deb10u1~bpo9+1
old-bpo-sl: 2.2.20-1~bpo9+1
stable: 2.2.12-1+deb10u1
stable-bpo: 2.2.20-1~bpo10+1
testing: 2.2.20-1
unstable: 2.2.20-1

versioned links

2.0.26-6+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.18-8~deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.18-8~deb9u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.12-1+deb10u1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.12-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.20-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.20-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.2.20-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dirmngr (11 bugs: 0, 7, 4, 0)
gnupg (98 bugs: 0, 69, 29, 0)
gnupg-agent (49 bugs: 0, 39, 10, 0)
gnupg-l10n
gnupg-utils
gnupg2 (47 bugs: 0, 31, 16, 0)
gpg (12 bugs: 0, 10, 2, 0)
gpg-agent (5 bugs: 0, 5, 0, 0)
gpg-wks-client (2 bugs: 0, 2, 0, 0)
gpg-wks-server
gpgconf (1 bugs: 0, 1, 0, 0)
gpgsm (9 bugs: 0, 9, 0, 0)
gpgv (3 bugs: 0, 3, 0, 0)
gpgv-static
gpgv-udeb
gpgv-win32
gpgv2
scdaemon (11 bugs: 0, 9, 2, 0)

action needed

A new upstream version is available: 2.2.21 high

A new upstream version 2.2.21 is available, you should consider packaging it.

Created: 2020-07-11 Last update: 2020-08-12 05:02

Depends on packages which need a new maintainer normal

The packages that gnupg2 depends on which need a new maintainer are:

xloadimage (#919265)
- Suggests: xloadimage

Created: 2020-01-09 Last update: 2020-08-12 08:33

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2019-03-21 Last update: 2020-08-12 07:30

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2020-06-28 Last update: 2020-08-12 07:30

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:31

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-1000858: GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
CVE-2018-9234: GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
CVE-2019-14855: A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

Please fix them.

Created: 2018-04-05 Last update: 2020-08-07 06:08

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2019-14855: A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

Please fix it.

Created: 2019-11-25 Last update: 2020-08-07 06:08

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2017-10-26 Last update: 2017-10-26 07:22

news

[rss feed]

[2020-05-12] Accepted gnupg2 2.2.20-1~bpo9+1 (source) into stretch-backports-sloppy->backports-policy, stretch-backports-sloppy (Debian FTP Masters) (signed by: Roger Shimizu)
[2020-05-07] Accepted gnupg2 2.2.20-1~bpo10+1 (source) into buster-backports (Roger Shimizu)
[2020-03-28] gnupg2 2.2.20-1 MIGRATED to testing (Debian testing watch)
[2020-03-23] Accepted gnupg2 2.2.20-1 (source) into unstable (Daniel Kahn Gillmor)
[2020-03-17] gnupg2 2.2.19-3 MIGRATED to testing (Debian testing watch)
[2020-03-09] Accepted gnupg2 2.2.19-3 (source) into unstable (Daniel Kahn Gillmor)
[2020-03-03] Accepted gnupg2 2.2.19-2~bpo9+1 (source) into stretch-backports-sloppy->backports-policy, stretch-backports-sloppy (Debian FTP Masters) (signed by: Roger Shimizu)
[2020-03-02] Accepted gnupg2 2.2.19-2~bpo10+1 (source) into buster-backports (Roger Shimizu)
[2020-03-01] gnupg2 2.2.19-2 MIGRATED to testing (Debian testing watch)
[2020-02-27] Accepted gnupg2 2.2.19-2 (source) into unstable (Daniel Kahn Gillmor)
[2020-01-16] Accepted gnupg2 2.2.19-1~bpo9+1 (source) into stretch-backports-sloppy->backports-policy, stretch-backports-sloppy (Roger Shimizu)
[2020-01-12] Accepted gnupg2 2.2.19-1~bpo10+1 (source) into buster-backports (Roger Shimizu)
[2020-01-11] gnupg2 2.2.19-1 MIGRATED to testing (Debian testing watch)
[2020-01-08] Accepted gnupg2 2.2.19-1 (source) into unstable (Daniel Kahn Gillmor)
[2019-09-05] Accepted gnupg2 2.2.12-1+deb10u1~bpo9+1 (source) into stretch-backports->backports-policy, stretch-backports (Roger Shimizu)
[2019-08-31] Accepted gnupg2 2.2.12-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Daniel Kahn Gillmor)
[2019-08-08] Accepted gnupg2 2.2.17-3~bpo9+2 (source) into stretch-backports-sloppy->backports-policy, stretch-backports-sloppy (Roger Shimizu)
[2019-08-06] Accepted gnupg2 2.2.17-3~bpo10+2 (source) into buster-backports (Roger Shimizu)
[2019-07-28] Accepted gnupg2 2.2.17-3~bpo10+1 (source amd64 all) into buster-backports, buster-backports (Roger Shimizu)
[2019-07-28] Accepted gnupg2 2.2.17-3~bpo9+1 (source amd64 all) into stretch-backports-sloppy->backports-policy, stretch-backports-sloppy (Roger Shimizu)
[2019-07-23] gnupg2 2.2.17-3 MIGRATED to testing (Debian testing watch)
[2019-07-17] Accepted gnupg2 2.2.17-3 (source) into unstable (Daniel Kahn Gillmor)
[2019-07-14] Accepted gnupg2 2.2.17-2 (source) into unstable (Daniel Kahn Gillmor)
[2019-07-13] gnupg2 2.2.13-2 MIGRATED to testing (Debian testing watch)
[2019-07-12] Accepted gnupg2 2.2.17-1 (source) into unstable (Daniel Kahn Gillmor)
[2019-06-18] Accepted gnupg2 2.2.16-2 (source) into experimental (Daniel Kahn Gillmor)
[2019-05-29] Accepted gnupg2 2.2.16-1 (source) into experimental (Daniel Kahn Gillmor)
[2019-05-14] Accepted gnupg2 2.2.13-2 (source) into unstable (Daniel Kahn Gillmor)
[2019-04-01] Accepted gnupg2 2.2.15-1 (source) into experimental (Daniel Kahn Gillmor)
[2019-03-20] Accepted gnupg2 2.2.14-1 (source) into experimental (Daniel Kahn Gillmor)

bugs [bug history graph]

all: 245 257
RC: 0
I&N: 183 192
M&W: 60 63
F&P: 2
patch: 2
help: 1

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
l10n (-, 60)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.2.20-1ubuntu1
56 bugs (1 patch)
patches for 2.2.20-1ubuntu1