back to article GnuPG patched to thwart 'fake filename'

If you're a developer relying on GnuPG, check upstream for an update that plugs an input sanitisation bug. The short version, given in CVE-2018-12020, is that mainproc.c mishandles the filename, and as a result, an attacker can spoof the output it sends to other programs. “For example, the OpenPGP data might represent an …

Silver badge

Don't know when this vulnerability was fixed but my Linux Mint box had an update for this file for download today. Although I don't use any software AFAIK that uses the software I am impressed with the speed that the update was made available.

5
1

"Don't know when this vulnerability was fixed but my Linux Mint box had an update for this file for download today. "

Same here, getting a bug fix before I read about it in The Reg, what's the world coming to?

5
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018