AVG-1186 log
Package | fwupd |
Status | Fixed |
Severity | High |
Type | insufficient validation |
Affected | 0.1.2-1 |
Fixed | 1.4.0-1 |
Current | 2.0.4-1 [extra] |
Ticket | None |
Created | Tue Jun 9 18:18:50 2020 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-10759 | High | Yes | Insufficient validation | A PGP signature verification bypass has been found in fwupd prior to 1.4.0, and in libjcat <= 0.1.2. The issue is that if a detached signature is actually a... |