[Debian] Medium CVE: CVE-2022-34903: gnupg2: allows signature forgery via injection into the status line
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
ZhangXiao |
Bug Description
CVE-2022-34903: https:/
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
Base Score: Medium
References:
https:/
https:/
['dirmngr_
CVE References
Changed in starlingx: | |
assignee: | nobody → ZhangXiao (zhangxiao-windriver) |
Fixed by review: https:/ /review. opendev. org/c/starlingx /tools/ +/886901 which merged on Jun 26.