CVE-2014-1929

Publication date 25 October 2014

Last updated 24 July 2024

Ubuntu priority

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-gnupg	14.04 LTS trusty	Not affected
	13.10 saucy	Ignored
	12.10 quantal	Ignored
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

How can I get the fixes?
What do statuses mean?

Notes

seth-arnold

I believe this issue was fixed by 0.3.6 or an earlier release

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.openwall.com/lists/oss-security/2014/02/06/5
http://www.openwall.com/lists/oss-security/2014/02/12/15
https://www.cve.org/CVERecord?id=CVE-2014-1929