AVG-1185 log
Package | libjcat |
Status | Fixed |
Severity | High |
Type | insufficient validation |
Affected | 0.1.2-1 |
Fixed | 0.1.3-1 |
Current | 0.2.2-1 [extra] |
Ticket | None |
Created | Tue Jun 9 13:08:25 2020 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-10759 | High | Yes | Insufficient validation | A PGP signature verification bypass has been found in fwupd prior to 1.4.0, and in libjcat <= 0.1.2. The issue is that if a detached signature is actually a... |
Date | Advisory | Package | Type |
---|---|---|---|
31 Jul 2020 | ASA-202007-6 | libjcat | insufficient validation |
References |
---|
https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md |