181822 – CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message

Bug 181822 - CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed message

Summary: CVE-2006-0455 gpg will quietly exit when attempting to verify a malformed mes...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gnupg
Sub Component:
Version:	4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:	source=vendorsec,reported=20060213,pu...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-02-16 21:23 UTC by Josh Bressers
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:	1.4.2.1-1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-03-03 04:38:34 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Josh Bressers 2006-02-16 21:23:17 UTC

The Gentoo project identified a security related bug in GnuPG.  When
using any current version of GnuPG for unattended signature
verification (e.g. by scripts and mail programs), false positive
signature verification of detached signatures may occur.

This is primarily an issue since gpg return 0 on what should be a failure.  This
will break automated scripts.

http://marc.theaimsgroup.com/?l=gnupg-devel&m=113999098729114&w=2

Comment 1 Fedora Update System 2006-02-17 19:18:50 UTC

From User-Agent: XML-RPC

gnupg-1.4.2.1-1 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.