[ubuntu/bionic-security] gnupg2 2.2.4-1ubuntu1.5 (Accepted)

David Fernandez Gonzalez david.fernandezgonzalez at canonical.com
Mon May 30 07:15:32 UTC 2022


gnupg2 (2.2.4-1ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Certificate Spamming Attack through SKS
    (LP: #1844059)
    - debian/patches/CVE-2019-13050-1.patch: add option to only accept
      self-signatures when importing a key in g10/import.c,
      g10/options.h and doc/gpg.texi.
    - debian/patches/CVE-2019-13050-2.patch: add fallback when importing
      self-signatures only in g10/import.c.
    - debian/patches/CVE-2019-13050-3.patch: add "self-sigs-only" and 
      "import-clean" to the keyserver options in g10/gpg.c and 
      doc/gpg.texi.
    - debian/patches/CVE-2019-13050-4.patch: fix regression by ensuring
      KEYID is available on a pending package in g10/import.c.
    - debian/patches/CVE-2019-13050-5.patch: prevent fallback from being
      used if the options are already used in g10/import.c.
    - CVE-2019-13050

gnupg2 (2.2.4-1ubuntu1.4) bionic; urgency=medium

  * d/p/dirmngr-handle-EAFNOSUPPORT-at-connect_server.patch:
    - Fix IPv6 connectivity for dirmngr (LP: #1910432)
  * Fix autopkgtests (LP: #1825186)
    - add d/t/simple-tests from devel branch
    - remove broken gpgv-win32 test from d/t/control

Date: 2022-05-26 15:59:08.872118+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/gnupg2/2.2.4-1ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list