[3.7] gnupg: filename sanitization problem (CVE-2018-12020)
GnuPG before version 2.2.8 does not properly sanitize the original filenames
of signed or encrypted messages, allowing for the insertion of line feeds
and other control characters.
An attacker could exploit this by injecting such characters to craft status messages and fake the validity of signatures.
(from redmine: issue id 8994, created on 2018-06-13, closed on 2018-06-14)
- Revision b653afac on 2018-06-13T13:40:24Z:
main/gnupg: security fix (CVE-2018-12020) Fixes #8994
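
The flaw class described above, as an added example that is not GnuPG's code or its patch: an untrusted filename is copied into a line-oriented status stream, first raw and then with control characters escaped. The `[STATUS]` prefix, the `FILE` and `SIG_OK` keywords, the function names and the sample filename are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record prefix for this example: one status record per line. */
#define STATUS_PREFIX "[STATUS] "

/* Escape control bytes, DEL and backslash as \xNN; -1 if out is too small. */
int sanitize_filename(const char *name, char *out, size_t outsz)
{
    size_t o = 0;
    for (; *name; name++) {
        unsigned char c = (unsigned char)*name;
        int esc = (c < 0x20 || c == 0x7f || c == '\\');
        if (o + (esc ? 5 : 2) > outsz) return -1;   /* keep room for NUL */
        if (esc) o += (size_t)snprintf(out + o, outsz - o, "\\x%02x", c);
        else out[o++] = (char)c;
    }
    if (o >= outsz) return -1;
    out[o] = '\0';
    return 0;
}

/* Format the record that reports the embedded filename, raw or sanitized. */
int emit_record(char *line, size_t n, const char *name, int sanitize)
{
    char safe[1024];
    if (sanitize && sanitize_filename(name, safe, sizeof safe) != 0) return -1;
    return snprintf(line, n, STATUS_PREFIX "FILE %s\n", sanitize ? safe : name);
}

/* Count the lines a line-oriented consumer would parse as status records. */
int count_records(const char *p)
{
    int n = 0;
    while (p && *p) {
        if (strncmp(p, STATUS_PREFIX, strlen(STATUS_PREFIX)) == 0) n++;
        p = strchr(p, '\n');
        if (p) p++;
    }
    return n;
}

int main(void)
{
    const char *name = "report.txt\n[STATUS] SIG_OK x";  /* constructed */
    char line[2048];
    for (int s = 0; s <= 1 && emit_record(line, sizeof line, name, s) > 0; s++)
        printf("sanitize=%d records=%d\n%s", s, count_records(line), line);
    return 0;
}
```

With the raw filename the consumer sees two records, one of which the producer never emitted; with escaping it sees one, and the line feed appears as the literal text `\x0a`.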