CVE-2006-0049

Priority
Description
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached
signatures, which allows attackers to inject unsigned data via a data
packet that is not associated with a control packet, which causes the check
for concatenated signatures to report that the signature is valid, a
different vulnerability than CVE-2006-0455.
Package
Source: gnupg (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-03-19 11:38:04 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)