GnuPG vulnerability issue

gnupg has a vulnerability called ‘CVE-2018-12020’
https://nvd.nist.gov/vuln/detail/CVE-2018-12020
The gnupg in the current xmpp-docker image seems to need an upgrade.

I think there are two solutions.
Method 1. Grant root authority to xmpp-docker images
Method 2. Updated xmpp-docker image release

I would be grateful if you could provide the above method or any other good solution.
Thank you for your passion for kontalk during busy times.

Thanks for reporting this!

The right fix would be to update the base image. I see that gnupg 2.2.12 is in stretch-backports, so I think it would probably be enough to alter the apt-get install command to make it install gnupg from backports.

As a side note, we don’t use the decrypt or verify functions, so the issue probably doesn’t apply, but it’s surely safe to upgrade.

By the way, I’ve opened an issue to track this.
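
An added example, not from the thread or the Kontalk project: a shell sketch of the fix suggested in the reply above. It installs gnupg from stretch-backports and fails the image build if the installed version is still older than 2.2.12. It assumes a Debian stretch base image; the mirror URL, the function names and the `--apply` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: meant to be called from a Dockerfile RUN step as root.
# Assumption: the image is based on Debian stretch.

TARGET="2.2.12"   # version the reply says is available in stretch-backports
# Assumption: mirror URL. Archived releases are served from
# archive.debian.org, so override this if the suite has moved there.
BACKPORTS_MIRROR="${BACKPORTS_MIRROR:-http://deb.debian.org/debian}"

# version_ge A B: succeeds when version A >= version B.
# sort -V orders 2.2.4 before 2.2.12, which a plain string compare gets wrong.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# First line of `gpg --version` looks like: gpg (GnuPG) 2.2.12
gpg_version() {
    gpg --version | awk 'NR==1 {print $NF}'
}

install_gnupg_from_backports() {
    echo "deb $BACKPORTS_MIRROR stretch-backports main" \
        > /etc/apt/sources.list.d/backports.list
    apt-get update
    # -t selects the backports suite for this install only, so the rest
    # of the image keeps tracking the stable suite.
    apt-get install -y -t stretch-backports gnupg
}

# Nothing is changed unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
    install_gnupg_from_backports
    installed="$(gpg_version)"
    if ! version_ge "$installed" "$TARGET"; then
        echo "gnupg $installed is older than $TARGET" >&2
        exit 1
    fi
    echo "gnupg $installed installed"
fi
```

Debian security updates patch a package without changing the upstream version that `gpg --version` reports, so this check only confirms that the backports package was installed.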