Package: sbsigntool Version: 0.9.4-3.2 Severity: important Dear Maintainer,
there is a nasty and longstanding bug in sbverify: Verification of
intermediate certificates returns true, even if there's no match, even
if no signer's certificate was passed at all.
In unstable, this was fixed in 0.9.4-6:
| * Add patch from upstream to fix certificate validation with
| intermediates.
In my opinion, this should be addressed in stable as well (actually also
oldstable but bookworm already moved to the downstream distribution).
Kind regards,
Christoph
-- System Information:
Debian Release: 13.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable'), (1, 'proposed-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.94 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages sbsigntool depends on:
ii libc6 2.41-12+deb13u3
ii libssl3t64 3.5.6-1~deb13u2
ii libuuid1 2.41-5
sbsigntool recommends no packages.
sbsigntool suggests no packages.
-- no debconf information
signature.asc
Description: PGP signature

