mirror of
https://git.yoctoproject.org/poky
synced 2026-02-20 08:29:42 +01:00
c8a29e6c81
* CVE-2018-9234 GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. Affects gnupg <= 2.2.5 CVE: CVE-2018-9234 Ref: https://access.redhat.com/security/cve/cve-2018-9234 (From OE-Core rev: af920831ed1ef607db195372f135cc56e9f53b41) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>