Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2006-0049

Published: 13 March 2006

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

Priority

Unknown

Status

Package Release Status
gnupg
Launchpad, Ubuntu, Debian 		dapper
Released (1.4.2.2-1ubuntu2.5)
edgy
Released (1.4.3-2ubuntu3.3)
feisty
Released (1.4.6-1ubuntu2)
upstream Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading