GnuPG VS-Desktop 3.3.7

GnuPG VS-Desktop® version 3.3.7 has been available since 2026-04-20. It fixes a security issue. The previous version was 3.3.6.

Notes to Admins

We recommend updating to this version: a DoS (denial-of-service) attack was easily exploitable until now. This release fixes the problem. (T8211)

Solved Bugs

Engine (GnuPG)

  • libgcrypt: Fix possible ECDH buffer overwrite with zeroes. (T8211)
  • gpgsm: Add a certificate chain check for DE-VS compliance. (T8188)
  • gpgsm: Show rsaPSS certificates as DE-VS compliant in listings. (T8222)
  • agent: Accept a trustlist with a missing LF at the end. (T8078)

GUI (Kleopatra)

  • Fix issue with hanging encryption when S/MIME validity check fails. (T8187)

Versions of the Components

Component Version Remarks
GnuPG 2.2.54 T8170
Kleopatra 3.3.7  
GpgOL 2.7.2  
GpgEX 1.0.11  
Libgcrypt 1.8.13 T8224
Libksba 1.6.8 T7174

This page as PDF.

Unless otherwise noted, these web pages are: Copyright 2025 g10 Code GmbH. Verbatim copying and distribution is permitted in any medium, provided this notice is preserved. See the Legal Notice & Privacy Policy for details. This page was last changed on 2026-04-22.