PT-2024-10576 · Gentoo · Gentoo Portage
Name of the Vulnerable Software and Affected Versions: Gentoo Portage versions prior to 3.0.47 Description: The issue concerns missing PGP validation of executed code. Specifically, the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. This issue doe...