Page MenuHome GnuPG
Create Task
Maniphest T7904

GnuPG may downgrade digest algorithm to SHA1
Testing, HighPublic
Actions

Description

GnuPG may downgrade the message digest algorithm to insecure SHA1 algorithm during signature checking due to reading from uninitialized memory.

Reported-by: 49016 and Liam (two-heart)

Related Objects
Search...

StatusAssignedTask
Unknown Object (Maniphest Task)
 TestingNoneT7904 GnuPG may downgrade digest algorithm to SHA1

Event Timeline

gniibe created this task.Tue, Nov 4, 6:45 AM
gniibe created this object in space Restricted Space.
gniibe created this object with visibility "g10code (Project)".
gniibe created this object with edit policy "g10code (Project)".

Fixed in rGdb9705ef594d: gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures.

werner triaged this task as High priority.Tue, Nov 4, 1:26 PM
gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Nov 10, 2:51 AM
werner changed the task status from Open to Testing.Wed, Nov 19, 5:53 PM
werner shifted this object from the Restricted Space space to the S1 Public space.
werner updated the task description. (Show Details)
werner changed the visibility from "g10code (Project)" to "Public (No Login Required)".
werner changed the edit policy from "g10code (Project)" to "Contributor (Project)".
werner removed a project: g10code.