GnuPG - (bulletinapr2019)ID: oval:org.secpod.oval:def:2104552 | Date: (C)2019-12-31 (M)2023-12-20 |
Class: PATCH | Family: unix |
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
Product: |
system/library/security/libgcrypt |
security/pinentry |
security/pinentry-gtk |
library/security/libksba |
library/security/libgpg-error |
library/security/libassuan |
library/security/gpgme |
library/pth |
library/npth |
library/gmime |
crypto/gnupg |