AVG-1186 log
| Package | fwupd |
| Status | Fixed |
| Severity | High |
| Type | insufficient validation |
| Affected | 0.1.2-1 |
| Fixed | 1.4.0-1 |
| Current | 1.9.16-1 [extra] |
| Ticket | None |
| Created | Tue Jun 9 18:18:50 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-10759 | High | Yes | Insufficient validation | A PGP signature verification bypass has been found in fwupd prior to 1.4.0, and in libjcat <= 0.1.2. The issue is that if a detached signature is actually a... |