FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GnuPG does not detect injection of unsigned data

Affected packages
gnupg <


VuXML ID 948921ad-afbc-11da-bad9-02e081235dab
Discovery 2006-03-09
Entry 2006-03-10
Modified 2006-03-11

Werner Koch reports:

In the aftermath of the false positive signature verfication bug (announced 2006-02-15) more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of *gpg* for verification of signatures which are _not_ detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails.


CVE Name CVE-2006-0049