CVE-2007-1269 gnumail

Metadata

medium
5.0
gnumail
CVE-2007-1269
2017-06-18 07:04
CVE-2007-1269
2017-06-16 18:47
2017-04-01 19:11
2017-01-05 20:16

Description

GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster gnumail None
sid gnumail None
stretch gnumail None