CVE-2018-9234 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Insufficient validation
Description	When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-943	gnupg	2.2.5-1	2.2.5-2	Low	Fixed

References
https://bugs.archlinux.org/task/58120 https://dev.gnupg.org/T3844 https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657