back to article GnuPG patched to thwart 'fake filename'

If you're a developer relying on GnuPG, check upstream for an update that plugs an input sanitisation bug. The short version, given in CVE-2018-12020, is that mainproc.c mishandles the filename, and as a result, an attacker can spoof the output it sends to other programs. “For example, the OpenPGP data might represent an …

  1. mark l 2 Silver badge

    Don't know when this vulnerability was fixed but my Linux Mint box had an update for this file for download today. Although I don't use any software AFAIK that uses the software I am impressed with the speed that the update was made available.

    1. Garymrrsn

      "Don't know when this vulnerability was fixed but my Linux Mint box had an update for this file for download today. "

      Same here, getting a bug fix before I read about it in The Reg, what's the world coming to?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019