*** This bug is a security vulnerability *** Public security bug reported:
According to https://people.canonical.com/~ubuntu- security/cve/2019/CVE-2019-13050.html mitigating CVE-2019-13050 was deferred, however mitigation is needed. Reading the comments listed there, I am unable to determine the reasoning / cause for deferral, could you please try to help me understand? Thank in advance. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnupg 2.2.4-1ubuntu1.2 ProcVersionSignature: Ubuntu 5.0.0-27.28~18.04.1-generic 5.0.21 Uname: Linux 5.0.0-27-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.7 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Sun Sep 15 17:14:48 2019 SourcePackage: gnupg2 UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: gnupg2 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic ** Information type changed from Private Security to Public Security ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13050 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1844059 Title: Please apply mitigations for CVE-2019-13050 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1844059/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs