Version 2.2.18 of gnupg is now available.
See https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html for details.
Yes, I've been waiting a bit on this to see if a quick fix is added for https://lists.gnupg.org/pipermail/gnupg-devel/2019-November/034487.html , but will likely bump it anyways later this week.
The bug has been referenced in the following commit(s):
Author: Kristian Fiskerstrand <firstname.lastname@example.org>
AuthorDate: 2019-12-13 19:16:03 +0000
Commit: Kristian Fiskerstrand <email@example.com>
CommitDate: 2019-12-13 19:16:18 +0000
app-crypt/gnupg: New upstream version 2.2.19
Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Kristian Fiskerstrand <firstname.lastname@example.org>
app-crypt/gnupg/Manifest | 1 +
app-crypt/gnupg/gnupg-2.2.19.ebuild | 152 ++++++++++++++++++++++++++++++++++++
2 files changed, 153 insertions(+)
@maintainer(s), ok to cleanup?
(In reply to sam_c (Security Padawan) from comment #3)
> @maintainer(s), ok to cleanup?
The vulnerability is fixed in <2.2.19, so @maintainer(s), are we ok to stabilise or call yourself if appropriate?
GLSA vote: no.
(In reply to sam_c (Security Padawan) from comment #4)
> The vulnerability is fixed in <2.2.19, so @maintainer(s), are we ok to
> stabilise or call yourself if appropriate?
This is meant to say 'fixed in 2.2.19.