MDKSA-2003:061
- Package name
- gnupg
- Date
- 2003-05-22
- Advisory ID
- MDKSA-2003:061
- Affected versions
- 9.1 i586 , CS2.1 x86_64 , CS2.1 i586 , 9.0 i586 , 8.2 i586 , MNF8.2 i586 , 9.1 i586 , 8.2 i586
Problem description
A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade.
Updated packages
9.1 i586
9d1b5490ff82a97b279ef9cb68b458db 9.1/RPMS/gnupg-1.2.2-1.1mdk.i586.rpm d0e70c888b593188bb92828908d8be8e 9.1/SRPMS/gnupg-1.2.2-1.1mdk.src.rpm
CS2.1 x86_64
e7b8826c409a434e3ac2b7d22050498d x86_64/corporate/2.1/RPMS/gnupg-1.0.7-3.1mdk.x86_64.rpm 38a397a657d6f264db9679f2ed002ed7 x86_64/corporate/2.1/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm
CS2.1 i586
1bfcc7589ddd74946cbaa7d2f6c7081f corporate/2.1/RPMS/gnupg-1.0.7-3.1mdk.i586.rpm 38a397a657d6f264db9679f2ed002ed7 corporate/2.1/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm
9.0 i586
1bfcc7589ddd74946cbaa7d2f6c7081f 9.0/RPMS/gnupg-1.0.7-3.1mdk.i586.rpm 38a397a657d6f264db9679f2ed002ed7 9.0/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm
8.2 i586
024e2dc599314591cee3334bd205039f 8.2/RPMS/gnupg-1.0.7-3.1mdk.i586.rpm 38a397a657d6f264db9679f2ed002ed7 8.2/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm
MNF8.2 i586
024e2dc599314591cee3334bd205039f mnf8.2/RPMS/gnupg-1.0.7-3.1mdk.i586.rpm 38a397a657d6f264db9679f2ed002ed7 mnf8.2/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm
9.1 i586
e7e402899a26c4f02e5684df16e33b0e ppc/9.1/RPMS/gnupg-1.2.2-1.1mdk.ppc.rpm d0e70c888b593188bb92828908d8be8e ppc/9.1/SRPMS/gnupg-1.2.2-1.1mdk.src.rpm
8.2 i586
3d74d4e08b065e36249c38033389d12e ppc/8.2/RPMS/gnupg-1.0.7-3.1mdk.ppc.rpm 38a397a657d6f264db9679f2ed002ed7 ppc/8.2/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm