Univention Bugzilla – Bug 54957
gnupg2: Multiple issues (5.0)
Last modified: 2022-07-13 17:00:56 CEST
New Debian gnupg2 2.2.12-1+deb10u2 fixes: This update addresses the following issue: * GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. (CVE-2022-34903)
--- mirror/ftp/pool/main/g/gnupg2/gnupg2_2.2.12-1+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/gnupg2_2.2.12-1+deb10u2.dsc @@ -1,3 +1,11 @@ +2.2.12-1+deb10u2 [Fri, 01 Jul 2022 12:06:43 -0400] Daniel Kahn Gillmor <dkg@fifthhorseman.net>: + + [ Roger Shimizu ] + * d/control: Update Build-Depends: libgpg-error-dev (>= 1.35) + + [ Daniel Kahn Gillmor ] + * fix broken status line (Closes: #1014157) + 2.2.12-1+deb10u1 [Thu, 22 Aug 2019 15:11:59 -0400] Daniel Kahn Gillmor <dkg@fifthhorseman.net>: * drop unneeded patch for printing revocation certificates <http://piuparts.knut.univention.de/5.0-2/#1015383059308701933>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-2] 09f48c2eff Bug #54957: gnupg2 2.2.12-1+deb10u2 doc/errata/staging/gnupg2.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x347>