Summary: | <app-crypt/gnupg-{2.2.35-r1, 2.3.6-r1}: Signature spoofing via status line injection | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system, zlogene |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 856322 | ||
Bug Blocks: |
Description
Sam James
2022-06-30 19:08:39 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=988fa70ca5731f8d4a1862d559603cbf13d569be commit 988fa70ca5731f8d4a1862d559603cbf13d569be Author: Sam James <sam@gentoo.org> AuthorDate: 2022-06-30 20:01:02 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-06-30 20:01:08 +0000 app-crypt/gnupg: backport signature status message fix Bug: https://bugs.gentoo.org/855395 Signed-off-by: Sam James <sam@gentoo.org> .../gnupg-2.2.35-status-messages-garbled.patch | 45 ++++++ .../gnupg-2.3.6-status-messages-garbled.patch | 45 ++++++ app-crypt/gnupg/gnupg-2.2.35-r1.ebuild | 160 ++++++++++++++++++++ app-crypt/gnupg/gnupg-2.3.6-r1.ebuild | 165 +++++++++++++++++++++ 4 files changed, 415 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3070f3b4f2d5f3de77046e8594493fb041f86176 commit 3070f3b4f2d5f3de77046e8594493fb041f86176 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-07-12 01:27:32 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-07-12 01:27:59 +0000 app-crypt/gnupg: add 2.3.7 Note that CVE-2022-34903 was already fixed in 2.4.6-r1 in Gentoo. Bug: https://bugs.gentoo.org/855395 Signed-off-by: Sam James <sam@gentoo.org> app-crypt/gnupg/Manifest | 2 + app-crypt/gnupg/gnupg-2.3.7.ebuild | 164 +++++++++++++++++++++++++++++++++++++ 2 files changed, 166 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=edaa82dbe986586c12f7d0e15ccfaa2e8c17c4d2 commit edaa82dbe986586c12f7d0e15ccfaa2e8c17c4d2 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-08-10 08:41:19 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-08-10 08:41:29 +0000 [ GLSA 202408-23 ] GnuPG: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/855395 Bug: https://bugs.gentoo.org/923248 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202408-23.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) |