FEDORA-2018-3fc05e009d

security update in Fedora 27 for gnupg2

Status: stable 3 months ago

Minor update from upstream with fix for CVE-2018-9234 and other bug fixes.

Comments 11

This update has been submitted for testing by tmraz.

This update has been pushed to testing.

Works for me

karma: +1

works for me

karma: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

This broke at least the libostree GPG unit tests, we're still investigating: https://github.com/ostreedev/ostree/pull/1539#issuecomment-381980639

Breaks mutt's checking GnuPG/PGP signatures in e-mails (via gpgme) if the signer's key is not in my keyring. Rolling back to 2.2.5-1 fixes this. Will file a separate bug about the regression later.

karma: -1 critpath: +1

Actually it works if I update gpgme to 1.10.0-4.fc27 at the same time. You should have added the required dependency information and released both as one update.

karma: +1 critpath: +1

Unfortunately it was too late when the regression was found. :(


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines
#1563931 CVE-2018-9234 gnupg2: GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys [fedora-all]
#1565387 gnupg2-2.2.6 is available
Does the system's basic functionality continue to work after this update?
Is the update generally functional?
Content Type
RPM
Status
stable
Test Gating Status
Submitted by
Update Type
security
Update Severity
low
Karma
+3
stable threshold: 2
unstable threshold: -2
Autopush
Enabled
Dates
submitted 3 months ago
in testing 3 months ago
in stable 3 months ago

Related Bugs 2

00 #1563931 CVE-2018-9234 gnupg2: GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys [fedora-all]
00 #1565387 gnupg2-2.2.6 is available

Automated Test Results

Test results and gating status may sometimes conflict as the gating status is retrieved periodically by Bodhi's backend server, while the test results presented here are retrieved upon page load. If your update is marked as gated while all the tests show green/passed, the next check of gating status should open the gate.