GnuPG CVE-2018-12020 and Mutt
Kevin J. McCarthy
kevin at 8t8.us
Fri Jun 8 23:28:36 UTC 2018
Hi Mutt Users,
GnuPG just released an important security fix involving injection into
the status-fd channel. The details are at
If you are using the suggested values in contrib/gpg.rc, it should NOT
be necessary to switch to using GPGME (despite what they said in their
Specifically make sure you have "--no-verbose" in $pgp_decode_command,
$pgp_verify_command, and $pgp_decrypt_command.
There are a couple other (non-critical) issues Marcus Brinkmann found
and reported to Mutt. They are mitigated by the new GnuPG release, and
by fixes in Mutt's stable branch. I will release a new stable version
in the next couple weeks.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the Mutt-announce