GnuPG VS-Desktop 3.1.23

GnuPG VS-Desktop® version 3.1.23 is available since 2022-07-08. The previous version was 3.1.22. This Version is a security update outside of the regular release schedule and contains no new features.

Notes to Admins

A bug in GnuPG (CVE-2022-34903) could be used to inject wrong status information in signatures. This could be abused to display a wrong validity in Kleopatra and GpgOL. (T6027)

Solved Bugs

GUI (Kleopatra)

  • Kleopatra: A crash that occured when exiting the Application has been fixed. (T5962)

Engine (GnuPG)

  • Fix possibly garbled status messages in NOTATION_DATA. This bug could trick GPGME and other parsers to accept faked status lines. (T6027)

Versions of the Components

Component Version Remarks
GnuPG 2.2.36 T5949
Kleopatra 3.1.22  
GpgOL 2.5.3  
GpgEX 1.0.9  
Libgcrypt 1.8.9  
Unless otherwise noted, these web pages are: Copyright 2024 g10 Code GmbH. Verbatim copying and distribution is permitted in any medium, provided this notice is preserved. See the Legal Notice & Privacy Policy for details. This page was last changed on 2022-09-09.