GnuPG VS-Desktop 3.1.23

GnuPG VS-Desktop® version 3.1.23 is available since 2022-07-08. The previous version was 3.1.22. This Version is a security update outside of the regular release schedule and contains no new features.

Notes to Admins

A bug in GnuPG (CVE-2022-34903) could be used to inject wrong status information in signatures. This could be abused to display a wrong validity in Kleopatra and GpgOL. (T6027)

Solved Bugs

GUI (Kleopatra)

  • Kleopatra: A crash that occured when exiting the Application has been fixed. (T5962)

Engine (GnuPG)

  • Fix possibly garbled status messages in NOTATION_DATA. This bug could trick GPGME and other parsers to accept faked status lines. (T6027)

Versions of the Components

Component Version Remarks
GnuPG 2.2.36 T5949
Kleopatra 3.1.22  
GpgOL 2.5.3  
GpgEX 1.0.9  
Libgcrypt 1.8.9