AVG-1185 log

Package libjcat
Status Fixed
Severity High
Type insufficient validation
Affected 0.1.2-1
Fixed 0.1.3-1
Current 0.2.2-1 [extra]
Ticket None
Created Tue Jun 9 13:08:25 2020
Issue Severity Remote Type Description
CVE-2020-10759 High Yes Insufficient validation
A PGP signature verification bypass has been found in fwupd prior to 1.4.0, and in libjcat <= 0.1.2. The issue is that if a detached signature is actually a...
Date Advisory Package Type
31 Jul 2020 ASA-202007-6 libjcat insufficient validation
References
https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md