authorSimon L. B. Nielsen <simon@FreeBSD.org>2006-02-17 09:53:58 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2006-02-17 09:53:58 +0000
commit51909aa65ed5cc1df61e8edcc79918ad2aa538a8 (patch)
treebb715d9ac9df7ef05fc919d4000d4db5ffc140d5 /security/vuxml/vuln.xml
parent5a22d96a477a124aeb97f208fd4476c5b07bb265 (diff)
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r--security/vuxml/vuln.xml39
1 files changed, 39 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 917864722628..8bd88286cf0f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,45 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="63fe4189-9f97-11da-ac32-0001020eed82">
+ <topic>gnupg -- false positive signature verification</topic>
+ <affects>
+ <package>
+ <name>gnupg</name>
+ <range><lt>1.4.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Werner Koch reports:</p>
+ <blockquote cite="http://marc.theaimsgroup.com/?l=gnupg-devel&amp;m=113999098729114">
+ <p>The Gentoo project identified a security related bug in
+ GnuPG. When using any current version of GnuPG for
+ unattended signature verification (e.g. by scripts and
+ mail programs), false positive signature verification of
+ detached signatures may occur.</p>
+ <p>This problem affects the tool *gpgv*, as well as using
+ "gpg --verify" to imitate gpgv, if only the exit code of
+ the process is used to decide whether a detached signature
+ is valid. This is a plausible mode of operation for
+ gpgv.</p>
+ <p>If, as suggested, the --status-fd generated output is
+ used to decide whether a signature is valid, no problem
+ exists. In particular applications making use of the
+ GPGME library[2] are not affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2006-0455</cvename>
+ <mlist msgid="87u0b1xdru.fsf@wheatstone.g10code.de">http://marc.theaimsgroup.com/?l=gnupg-devel&amp;m=113999098729114</mlist>
+ </references>
+ <dates>
+ <discovery>2006-02-15</discovery>
+ <entry>2006-02-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e34d0c2e-9efb-11da-b410-000e0c2e438a">
<topic>rssh -- privilege escalation vulnerability</topic>
<affects>
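Review bot: The third `<p>` of the blockquote keeps a footnote marker from the mailing-list post ("GPGME library[2]"), but the entry has no matching reference, so the marker points nowhere. I would either drop it, `GPGME library are not affected.</p>`, or add the link it referred to under `<references>`. Separately, the `<affects>` block matches only the package name `gnupg` with `<lt>1.4.2.1</lt>`. If the ports tree ships gpgv under any other package name (not visible in this hunk), those installs would not be flagged by an audit against this entry, so that is worth confirming.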