| pabs3 | wgrant: Debian put out a sec update for gpg2 for the issue I mentioned: https://lists.debian.org/debian-security-announce/2022/msg00142.html | 02:46 |
|---|---|---|
| === guruprasad changed the topic of #launchpad to: - Help contact: guruprasad (0430-1230 hrs UTC Mon-Fri) | Launchpad is an open source project: https://dev.launchpad.net/ | This channel is logged: http://irclogs.ubuntu.com/ | User Guide https://help.launchpad.net/ | Support and spam reporting: https://answers.launchpad.net/launchpad | ||
| wgrant | pabs3: Thanks for the link -- good that there's a CVE assigned now. We've patched it locally, not sure what the status of the Ubuntu update is. | 04:59 |
| pabs3 | not mentioned on the Ubuntu sectracker https://ubuntu.com/security/CVE-2022-34903 | 05:24 |
| ubottu | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903> | 05:24 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!