Описание
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gnupg2 | fixed | 2.2.7-1 | package | |
| gnupg2 | no-dsa | stretch | package | |
| gnupg2 | no-dsa | jessie | package | |
| gnupg2 | no-dsa | wheezy | package |
Примечания
https://dev.gnupg.org/T3844
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=a17d2d1f690ebe5d005b4589a5fe378b6487c657
EPSS
Связанные уязвимости
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
EPSS