CVE-2007-1263 Affecting gnupg2 package, versions <2.0.3-1
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
27.44% (97th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN9-GNUPG2-340479
- published 6 Mar 2007
- disclosed 6 Mar 2007
Introduced: 6 Mar 2007
CVE-2007-1263 Open this link in a new tabHow to fix?
Upgrade Debian:9 gnupg2 to version 2.0.3-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Debian.
See How to fix? for Debian:9 relevant fixed versions and status.
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
References
- https://security-tracker.debian.org/tracker/CVE-2007-1263
- http://www.securityfocus.com/archive/1/461958/100/0/threaded
- http://www.securityfocus.com/archive/1/461958/30/7710/threaded
- https://issues.rpath.com/browse/RPL-1111
- http://support.avaya.com/elmodocs2/security/ASA-2007-144.htm
- http://www.debian.org/security/2007/dsa-1266
- http://fedoranews.org/cms/node/2775
- http://fedoranews.org/cms/node/2776
- http://www.coresecurity.com/?action=item&id=1687
- http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496
- http://secunia.com/advisories/24365
- http://secunia.com/advisories/24407
- http://secunia.com/advisories/24419
- http://secunia.com/advisories/24420
- http://secunia.com/advisories/24438
- http://secunia.com/advisories/24489
- http://secunia.com/advisories/24511
- http://secunia.com/advisories/24544
- http://secunia.com/advisories/24650
- http://secunia.com/advisories/24734
- http://secunia.com/advisories/24875
- http://www.securityfocus.com/bid/22757
- http://www.securitytracker.com/id?1017727
- ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
- http://securityreason.com/securityalert/2353
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html
- http://www.trustix.org/errata/2007/0009/
- http://www.ubuntu.com/usn/usn-432-1
- http://www.ubuntu.com/usn/usn-432-2
- http://www.vupen.com/english/advisories/2007/0835
- http://www.redhat.com/support/errata/RHSA-2007-0106.html
- http://www.redhat.com/support/errata/RHSA-2007-0107.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:059