Bug 181822 - CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message
Summary: CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed mes...
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: gnupg   
(Show other bugs)
Version: 4
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Mike McLean
URL:
Whiteboard: source=vendorsec,reported=20060213,pu...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-02-16 21:23 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: 1.4.2.1-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-03 04:38:34 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Josh Bressers 2006-02-16 21:23:17 UTC
The Gentoo project identified a security related bug in GnuPG.  When
using any current version of GnuPG for unattended signature
verification (e.g. by scripts and mail programs), false positive
signature verification of detached signatures may occur.

This is primarily an issue since gpg return 0 on what should be a failure.  This
will break automated scripts.

http://marc.theaimsgroup.com/?l=gnupg-devel&m=113999098729114&w=2

Comment 1 Fedora Update System 2006-02-17 19:18:50 UTC
From User-Agent: XML-RPC

gnupg-1.4.2.1-1 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.