[ubuntu/bionic-security] gnupg2 2.2.4-1ubuntu1.5 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Mon May 30 07:15:32 UTC 2022
gnupg2 (2.2.4-1ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: Certificate Spamming Attack through SKS
(LP: #1844059)
- debian/patches/CVE-2019-13050-1.patch: add option to only accept
self-signatures when importing a key in g10/import.c,
g10/options.h and doc/gpg.texi.
- debian/patches/CVE-2019-13050-2.patch: add fallback when importing
self-signatures only in g10/import.c.
- debian/patches/CVE-2019-13050-3.patch: add "self-sigs-only" and
"import-clean" to the keyserver options in g10/gpg.c and
doc/gpg.texi.
- debian/patches/CVE-2019-13050-4.patch: fix regression by ensuring
KEYID is available on a pending package in g10/import.c.
- debian/patches/CVE-2019-13050-5.patch: prevent fallback from being
used if the options are already used in g10/import.c.
- CVE-2019-13050
gnupg2 (2.2.4-1ubuntu1.4) bionic; urgency=medium
* d/p/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch:
- Fix IPv6 connectivity for dirmngr (LP: #1910432)
* Fix autopkgtests (LP: #1825186)
- add d/t/simple-tests from devel branch
- remove broken gpgv-win32 test from d/t/control
Date: 2022-05-26 15:59:08.872118+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/gnupg2/2.2.4-1ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list