5a0a9227ba
Fix CVE-2022-34903: GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. https://lists.gnupg.org/pipermail/gnupg-announce/2022q3/000474.html Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
8 lines
484 B
Plaintext
8 lines
484 B
Plaintext
# From https://lists.gnupg.org/pipermail/gnupg-announce/2022q3/000474.html
|
|
sha1 9255a70a984bfbfa5312a9a52a1cf47cb0d1fc84 gnupg-2.3.7.tar.bz2
|
|
# Calculated based on the hash above and signature
|
|
# https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.3.7.tar.bz2.sig
|
|
# using key 02F38DFF731FF97CB039A1DA549E695E905BA208
|
|
sha256 ee163a5fb9ec99ffc1b18e65faef8d086800c5713d15a672ab57d3799da83669 gnupg-2.3.7.tar.bz2
|
|
sha256 bc2d6664f6276fa0a72d57633b3ae68dc7dcb677b71018bf08c8e93e509f1357 COPYING
|