MitreCVELIST:CVE-2007-1263CVE-2007-1263
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
References
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
fedoranews.org/cms/node/2775
fedoranews.org/cms/node/2776
lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html
secunia.com/advisories/24365
secunia.com/advisories/24407
secunia.com/advisories/24419
secunia.com/advisories/24420
secunia.com/advisories/24438
secunia.com/advisories/24489
secunia.com/advisories/24511
secunia.com/advisories/24544
secunia.com/advisories/24650
secunia.com/advisories/24734
secunia.com/advisories/24875
securityreason.com/securityalert/2353
support.avaya.com/elmodocs2/security/ASA-2007-144.htm
www.coresecurity.com/?action=item&id=1687
www.debian.org/security/2007/dsa-1266
www.mandriva.com/security/advisories?name=MDKSA-2007:059
www.redhat.com/support/errata/RHSA-2007-0106.html
www.redhat.com/support/errata/RHSA-2007-0107.html
www.securityfocus.com/archive/1/461958/100/0/threaded
www.securityfocus.com/archive/1/461958/30/7710/threaded
www.securityfocus.com/bid/22757
www.securitytracker.com/id?1017727
www.trustix.org/errata/2007/0009/
www.ubuntu.com/usn/usn-432-1
www.ubuntu.com/usn/usn-432-2
www.vupen.com/english/advisories/2007/0835
issues.rpath.com/browse/RPL-1111
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10496
Related
