- Package name
- Advisory ID
- Affected versions
- 7.0 i586 , 7.1 i586 , 7.2 i586
When importing keys from public key servers, GnuPG will import private keys (also known as secret keys) in addition to public keys. If this happens, the user's web of trust becomes corrupt. Additionally, when used to check detached signatures, if the data file being checked contains clearsigned data, GnuPG will not warn the user if the detached signature is incorrect.
cf39b3d9baf91db3f5272d60672dc756 7.0/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm 6d4087bd4aa40a54fe8e13dba15253c6 7.0/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm
2f3d02b9fefbe27a8802c7215b9677c2 7.1/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm 6d4087bd4aa40a54fe8e13dba15253c6 7.1/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm
5315e438e24104ad16428845bedc5f07 7.2/RPMS/gnupg-1.0.4-3.1mdk.i586.rpm 582ad67607ebf93a174aa9d3905673d9 7.2/SRPMS/gnupg-1.0.4-3.1mdk.src.rpm