FreeBSD : GnuPG does not detect injection of unsigned data (948921ad-afbc-11da-bad9-02e081235dab)
Medium Nessus Plugin ID 21478
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionWerner Koch reports :
In the aftermath of the false positive signature verfication bug (announced 2006-02-15) more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of *gpg* for verification of signatures which are _not_ detached signatures. The problem also affects verification of signatures embedded in encrypted messages; i.e. standard use of gpg for mails.
SolutionUpdate the affected package.