CVE-2018-9234

Source
Severity Low
Remote No
Type Insufficient validation
Description
When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present.
Group Package Affected Fixed Severity Status Ticket
AVG-943 gnupg 2.2.5-1 2.2.5-2 Low Fixed
References
https://bugs.archlinux.org/task/58120
https://dev.gnupg.org/T3844
https://dev.gnupg.org/rGa17d2d1f690ebe5d005b4589a5fe378b6487c657