GHSA-R7VQ-6425-J94W Python-TUF vulnerable to incorrect threshold signature computation for new root metadata

Impact The function verifyrootselfsigned, introduced in v0.14.0, and which verifies self-signatures in a new root metadata file, counted multiple signatures by any new root key towards the new threshold. That is, any single new root key could theoretically provide enough signatures to meet the...

PT-2022-28275 · Tuf · Tuf

Name of the Vulnerable Software and Affected Versions: TUF versions 0.14.0 through 0.15.x Description: The issue concerns the verify root self signed function, which verifies self-signatures in new root metadata files. This function counted multiple signatures by any new root key towards the new...