AVG-943 log

Package gnupg
Status Fixed
Severity Low
Type insufficient validation
Affected 2.2.5-1
Fixed 2.2.5-2
Current 2.4.5-4 [core]
Ticket None
Created Wed Mar 27 14:35:43 2019
Issue Severity Remote Type Description
CVE-2018-9234 Low No Insufficient validation
When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present.