Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:10 relevant versions.
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
gnupg2 to version 2.0.26-5 or higher.