This bug was fixed in the package gnupg2 - 2.2.4-1ubuntu1.5
---
gnupg2 (2.2.4-1ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: Certificate Spamming Attack through SKS
(LP: #1844059)
- debian/patches/CVE-2019-13050-1.patch: add option to only accept
Until this may get mitigations in Ubuntu, this approach can be used to
(temporarily) clean up a poisoned key ring:
https://tech.michaelaltfield.net/2019/07/14/mitigating-poisoned-pgp-
certificates/
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Thanks for clarifying this here and on the CVE tracker, Alex + Marc!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1844059
Title:
Please apply mitigations for CVE-2019-13050
To manage
As per the CVE details in the Ubuntu CVE tracker for this CVE
(https://people.canonical.com/~ubuntu-
security/cve/2019/CVE-2019-13050.html) you can see Marc mentions this
was deferred because the specific updates to address this are not
complete so we are waiting on better upstream fixes before
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gnupg2 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1844059
Title:
