Back to bug 2116258
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2022-08-08 04:34:48 UTC | Depends On | 2116259 | |
| Avinash Hanwate | 2022-08-10 10:37:03 UTC | CC | vkumar | |
| Doc Text | A flaw was found in the cosign package. cosign verify-attestation used with the --type flag will report a false positive verification when: - There is at least one attestation with a valid signature - There are NO attestations of the type being verified (--type defaults to "custom") This can happen when signing with a standard keypair and with a "keyless" signing with Fulcio. |
|||
| Avinash Hanwate | 2022-08-10 10:38:08 UTC | Doc Text | A flaw was found in the cosign package. cosign verify-attestation used with the --type flag will report a false positive verification when: - There is at least one attestation with a valid signature - There are NO attestations of the type being verified (--type defaults to "custom") This can happen when signing with a standard keypair and with a "keyless" signing with Fulcio. | A flaw was found in the cosign package. The cosign verify-attestation used with the --type flag will report a false positive verification when: - There is at least one attestation with a valid signature - There are NO attestations of the type being verified (--type defaults to "custom") This can happen when signing with a standard keypair and with a "keyless" signing with Fulcio. |
| RaTasha Tillery-Smith | 2022-08-10 15:59:27 UTC | Doc Text | A flaw was found in the cosign package. The cosign verify-attestation used with the --type flag will report a false positive verification when: - There is at least one attestation with a valid signature - There are NO attestations of the type being verified (--type defaults to "custom") This can happen when signing with a standard keypair and with a "keyless" signing with Fulcio. | A flaw was found in the cosign package. The cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid signature and when there are no attestations of the type being verified (for example, —type defaults to "custom"). This issue can happen when signing with a standard keypair and keyless signing with Fulcio. |
| Red Hat Bugzilla | 2022-10-28 13:12:58 UTC | CC | krathod | |
| Red Hat Bugzilla | 2023-05-15 18:03:49 UTC | CC | rrajasek | |
| Red Hat Bugzilla | 2023-07-07 08:32:02 UTC | Assignee | security-response-team | nobody |
Back to bug 2116258