[ubuntu/bionic-updates] gnupg2 2.2.4-1ubuntu1.5 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon May 30 07:58:19 UTC 2022
gnupg2 (2.2.4-1ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: Certificate Spamming Attack through SKS
(LP: #1844059)
- debian/patches/CVE-2019-13050-1.patch: add option to only accept
self-signatures when importing a key in g10/import.c,
g10/options.h and doc/gpg.texi.
- debian/patches/CVE-2019-13050-2.patch: add fallback when importing
self-signatures only in g10/import.c.
- debian/patches/CVE-2019-13050-3.patch: add "self-sigs-only" and
"import-clean" to the keyserver options in g10/gpg.c and
doc/gpg.texi.
- debian/patches/CVE-2019-13050-4.patch: fix regression by ensuring
KEYID is available on a pending package in g10/import.c.
- debian/patches/CVE-2019-13050-5.patch: prevent fallback from being
used if the options are already used in g10/import.c.
- CVE-2019-13050
Date: 2022-05-26 15:59:08.872118+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/gnupg2/2.2.4-1ubuntu1.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list