Thank you for your attention to detail. CVE-2017-7526 was fixed in USN-3347-1 and -2 by patching the libgcrypt20 and libgcrypt11 source packages:
https://usn.ubuntu.com/3347-1/ https://usn.ubuntu.com/3347-2/ You can track our work per-cve on https://people.canonical.com/~ubuntu- security/cve/2017/CVE-2017-7526.html and similar pages, which will show the source packages that may be affected by any given CVE. Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7526 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1785176 Title: GnuPG 1.4.23 released on 2018-06-11, addresses CVE-2017-7526 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1785176/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs