OpenPGP Key Certification Forgeries with SHA-1. Older versions of OpenPGP implementations will default to using SHA-1 which is not secure.
Name: Werner Koch (GnuPG project)
This flaw only affects the versions of GnuPG package which defaults to signing with SHA-1. GnuPG 2.0 and above does not use SHA-1 by default therefore are not directly affected by this flaw.
Created gnupg1 tracking bugs for this issue:
Affects: fedora-30 [bug 1815379]
Affects: fedora-31 [bug 1815380]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):