Package name
Advisory ID
Affected versions
7.0 i586 , 7.1 i586 , 7.2 i586

Problem description

When importing keys from public key servers, GnuPG will import private keys (also known as secret keys) in addition to public keys. If this happens, the user's web of trust becomes corrupt. Additionally, when used to check detached signatures, if the data file being checked contains clearsigned data, GnuPG will not warn the user if the detached signature is incorrect.

Updated packages

7.0 i586

 cf39b3d9baf91db3f5272d60672dc756  7.0/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm
6d4087bd4aa40a54fe8e13dba15253c6  7.0/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm

7.1 i586

 2f3d02b9fefbe27a8802c7215b9677c2  7.1/RPMS/gnupg-1.0.4-3.2mdk.i586.rpm
6d4087bd4aa40a54fe8e13dba15253c6  7.1/SRPMS/gnupg-1.0.4-3.2mdk.src.rpm

7.2 i586

 5315e438e24104ad16428845bedc5f07  7.2/RPMS/gnupg-1.0.4-3.1mdk.i586.rpm
582ad67607ebf93a174aa9d3905673d9  7.2/SRPMS/gnupg-1.0.4-3.1mdk.src.rpm