AVG-943 log
| Package | gnupg |
| Status | Fixed |
| Severity | Low |
| Type | insufficient validation |
| Affected | 2.2.5-1 |
| Fixed | 2.2.5-2 |
| Current | 2.4.8-3 [core] |
| Ticket | None |
| Created | Wed Mar 27 14:35:43 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-9234 | Low | No | Insufficient validation | When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present. |