openSUSE Security Update : python-python-gnupg (openSUSE-2018-646)
Medium Nessus Plugin ID 110591
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for python-python-gnupg to version 0.4.3 fixes the following issues :
The following security vulnerabilities were addressed :
- Sanitize diagnostic output of the original file name in verbose mode (CVE-2018-12020 boo#1096745)
The following other changes were made :
- Add --no-verbose to the gpg command line, in case verbose is specified is gpg.conf.
- Add expect_passphrase password for use on GnuPG >= 2.1 when passing passphrase to gpg via pinentry
- Provide a trust_keys method to allow setting the trust level for keys
- When the gpg executable is not found, note the path used in the exception message
- Make error messages more informational
SolutionUpdate the affected python-python-gnupg packages.