Nom du paquet
gnupg
Date
2003-05-22
Advisory ID
MDKSA-2003:061
Affected versions
9.1 i586 , CS2.1 x86_64 , CS2.1 i586 , 9.0 i586 , 8.2 i586 , MNF8.2 i586 , 9.1 i586 , 8.2 i586

Problem description

A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid. Patches have been applied for version 1.0.7 and all users are encouraged to upgrade.

Updated packages

9.1 i586

 9d1b5490ff82a97b279ef9cb68b458db  9.1/RPMS/gnupg-1.2.2-1.1mdk.i586.rpm
d0e70c888b593188bb92828908d8be8e  9.1/SRPMS/gnupg-1.2.2-1.1mdk.src.rpm

CS2.1 x86_64

 e7b8826c409a434e3ac2b7d22050498d  x86_64/corporate/2.1/RPMS/gnupg-1.0.7-3.1mdk.x86_64.rpm
38a397a657d6f264db9679f2ed002ed7  x86_64/corporate/2.1/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm

CS2.1 i586

 1bfcc7589ddd74946cbaa7d2f6c7081f  corporate/2.1/RPMS/gnupg-1.0.7-3.1mdk.i586.rpm
38a397a657d6f264db9679f2ed002ed7  corporate/2.1/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm

9.0 i586

 1bfcc7589ddd74946cbaa7d2f6c7081f  9.0/RPMS/gnupg-1.0.7-3.1mdk.i586.rpm
38a397a657d6f264db9679f2ed002ed7  9.0/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm

8.2 i586

 024e2dc599314591cee3334bd205039f  8.2/RPMS/gnupg-1.0.7-3.1mdk.i586.rpm
38a397a657d6f264db9679f2ed002ed7  8.2/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm

MNF8.2 i586

 024e2dc599314591cee3334bd205039f  mnf8.2/RPMS/gnupg-1.0.7-3.1mdk.i586.rpm
38a397a657d6f264db9679f2ed002ed7  mnf8.2/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm

9.1 i586

 e7e402899a26c4f02e5684df16e33b0e  ppc/9.1/RPMS/gnupg-1.2.2-1.1mdk.ppc.rpm
d0e70c888b593188bb92828908d8be8e  ppc/9.1/SRPMS/gnupg-1.2.2-1.1mdk.src.rpm

8.2 i586

 3d74d4e08b065e36249c38033389d12e  ppc/8.2/RPMS/gnupg-1.0.7-3.1mdk.ppc.rpm
38a397a657d6f264db9679f2ed002ed7  ppc/8.2/SRPMS/gnupg-1.0.7-3.1mdk.src.rpm

References