GnuPG - (bulletinapr2019)| ID: oval:org.secpod.oval:def:2104552 | Date: (C)2019-12-31 (M)2023-12-20 |
| Class: PATCH | Family: unix |
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
| Product: |
| system/library/security/libgcrypt |
| security/pinentry |
| security/pinentry-gtk |
| library/security/libksba |
| library/security/libgpg-error |
| library/security/libassuan |
| library/security/gpgme |
| library/pth |
| library/npth |
| library/gmime |
| crypto/gnupg |
