fwupd
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Simple daemon to allow session software to update firmware |
| Version | 2.0.3-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1186 | 0.1.2-1 | 1.4.0-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-10759 | AVG-1186 | High | Yes | Insufficient validation | A PGP signature verification bypass has been found in fwupd prior to 1.4.0, and in libjcat <= 0.1.2. The issue is that if a detached signature is actually a... |