AVG-1185 log

Package libjcat
Status Vulnerable
Severity High
Type insufficient validation
Affected 0.1.2-1
Fixed Unknown
Current 0.1.2-1 [community]
Ticket Create
Created Tue Jun 9 13:08:25 2020
Issue Severity Remote Type Description
CVE-2020-10759 High Yes Insufficient validation
A PGP signature verification bypass has been found in fwupd prior to 1.4.0, and in libjcat <= 0.1.2. The issue is that if a detached signature is actually a...
References
https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md