GPG does not verify keys received when using --recv-keys leaving communicaiton with key servers vulnerable to MITM
Bug #1409117 reported by
devd
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GnuPG |
Fix Released
|
Unknown
|
|||
gnupg (Debian) |
Fix Released
|
Unknown
|
|||
gnupg (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Won't Fix
|
Wishlist
|
Marc Deslauriers | ||
Precise |
Fix Released
|
Wishlist
|
Marc Deslauriers | ||
Trusty |
Fix Released
|
Wishlist
|
Marc Deslauriers | ||
Utopic |
Fix Released
|
Wishlist
|
Marc Deslauriers | ||
Vivid |
Fix Released
|
Undecided
|
Unassigned | ||
gnupg2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Won't Fix
|
Wishlist
|
Marc Deslauriers | ||
Precise |
Fix Released
|
Wishlist
|
Marc Deslauriers | ||
Trusty |
Fix Released
|
Wishlist
|
Marc Deslauriers | ||
Utopic |
Fix Released
|
Undecided
|
Unassigned | ||
Vivid |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The patch from http://
This leaves 12.04 users of GPG2 vulnerable to MITM attacks on gpg2 --recv-keys. See https:/
Changed in gnupg (Ubuntu Trusty): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
Changed in gnupg (Ubuntu Utopic): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
Changed in gnupg2 (Ubuntu Lucid): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
Changed in gnupg2 (Ubuntu Precise): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
Changed in gnupg2 (Ubuntu Trusty): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
Changed in gnupg: | |
status: | Unknown → Fix Released |
Changed in gnupg (Debian): | |
status: | Unknown → Fix Released |
To post a comment you must log in.
Fixed in 2.0.24 and 1.4.17.