Title: GnuPG and GnuPG clients unsigned data injection vulnerability

Scripts and applications using GnuPG are prone to a vulnerability in how signature verification information is shown to the end user. An attacker is able to add arbitrary content to a signed message.

- Issue reproduced and confirmed by Enigmail:
- New version of GnuPG and GPGME released:
- GnuPG states that they will issue a patch:
- GnuPG response (incorrect use of GnuPG):
- Notification acknowledged by GnuPG maintainers:

- GNUMail: improper or non-existing use of --status-fd
- Mutt: improper or non-existing use of --status-fd
- Sylpheed: improper or non-existing use of --status-fd
- KMail: improper or non-existing use of --status-fd
- Evolution: improper or non-existing use of --status-fd

For the visual distinction issues in GnuPG itself, all 4 attacks.