code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Sinan Kaya <okaya@kernel.org>
	Mon, 24 Sep 2018 16:08:07 +0000 (16:08 +0000)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Wed, 10 Oct 2018 12:23:45 +0000 (13:23 +0100)
commit	af920831ed1ef607db195372f135cc56e9f53b41
tree	f32fd3c55f2305dd979152b81761393f5974ebd0	tree \| snapshot
parent	a53026f03a1d07cef1d1590c689e036f3ee21026	commit \| diff

gnupg: CVE-2018-9234

* CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key
certification requires an offline master Certify key, which results
in apparently valid certifications that occurred only with access to
a signing subkey.

Affects gnupg <= 2.2.5

CVE: CVE-2018-9234
Ref: https://access.redhat.com/security/cve/cve-2018-9234
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta/recipes-support/gnupg/gnupg/CVE-2018-9234.patch	[new file with mode: 0644]	blob
meta/recipes-support/gnupg/gnupg_2.2.4.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom