PublicDate: 2006-03-13 21:06:00 UTC
Candidate: CVE-2006-0049
References:
 https://ubuntu.com/security/notices/USN-264-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049
Description:
 gpg in GnuPG before 1.4.2.2 does not properly verify non-detached
 signatures, which allows attackers to inject unsigned data via a data
 packet that is not associated with a control packet, which causes the check
 for concatenated signatures to report that the signature is valid, a
 different vulnerability than CVE-2006-0455.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_gnupg: released (1.4.2.2-1ubuntu2.5)
edgy_gnupg: released (1.4.3-2ubuntu3.3)
feisty_gnupg: released (1.4.6-1ubuntu2)
devel_gnupg: released (1.4.6-1ubuntu2)
upstream_gnupg: needs-triage