{"id":"MGASA-2019-0348","summary":"Updated gnupg2 packages fix security vulnerability","details":"gnupg2 is updated to 2.2.18 and fix security vulnerability:\n\nWeb of Trust forgeries using collisions in SHA-1 signatures (CVE-2019-14855)\n* Note that this change removes all SHA-1 based key signature  newer than\n  2019-01-19 from the web-of-trust. This includes all key signature created\n  with dsa1024 keys. The new option --allow-weak-key-signatues can be used\n  to override the new and safer behaviour.\n\nFor other fixes in this update, see the gnupg-announce reference.\n","modified":"2026-04-16T04:43:21.445622448Z","published":"2019-11-30T13:06:06Z","upstream":["CVE-2019-14855"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0348.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25749"},{"type":"WEB","url":"https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html"}],"affected":[{"package":{"name":"gnupg2","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/gnupg2?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.18-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0348.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}