*** This bug is a security vulnerability *** Public security bug reported:
Hello, SEC Consult has reported an issue with Go's implementation of openpgp clear signatures: https://seclists.org/fulldisclosure/2019/May/16 https://sec-consult.com/en/blog/advisories/cleartext-message-spoofing-in-go-cryptography-libraries-cve-2019-11841/ This appears to affect a lot of code in the archive. CVE-2019-11841 has been assigned to this issue. Thanks ** Affects: aptly (Ubuntu) Importance: Undecided Status: New ** Affects: autodeb (Ubuntu) Importance: Undecided Status: New ** Affects: candid (Ubuntu) Importance: Undecided Status: New ** Affects: charm (Ubuntu) Importance: Undecided Status: New ** Affects: golang-go.crypto (Ubuntu) Importance: Undecided Status: New ** Affects: golang-pault-go-archive (Ubuntu) Importance: Undecided Status: New ** Affects: golang-pault-go-debian (Ubuntu) Importance: Undecided Status: New ** Affects: juju-core (Ubuntu) Importance: Undecided Status: New ** Affects: juju-core-1 (Ubuntu) Importance: Undecided Status: New ** Affects: lxd (Ubuntu) Importance: Undecided Status: New ** Affects: mongo-tools (Ubuntu) Importance: Undecided Status: New ** Affects: mongodb (Ubuntu) Importance: Undecided Status: New ** Affects: singularity-container (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1828905 Title: go gnupg/clearsign issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aptly/+bug/1828905/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
