[Bug 1844059] [NEW] Please apply mitigations for CVE-2019-13050

Tom Reynolds 1844059 at bugs.launchpad.net
Sun Sep 15 15:24:31 UTC 2019 

*** This bug is a security vulnerability ***

Public security bug reported:

According to https://people.canonical.com/~ubuntu-
security/cve/2019/CVE-2019-13050.html mitigating CVE-2019-13050 was
deferred, however mitigation is needed.

Reading the comments listed there, I am unable to determine the
reasoning / cause for deferral, could you please try to help me
understand? Thank in advance.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: gnupg 2.2.4-1ubuntu1.2
ProcVersionSignature: Ubuntu 5.0.0-27.28~18.04.1-generic 5.0.21
Uname: Linux 5.0.0-27-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sun Sep 15 17:14:48 2019
SourcePackage: gnupg2
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: gnupg2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug bionic

** Information type changed from Private Security to Public Security

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13050

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1844059

Title:
  Please apply mitigations for CVE-2019-13050

Status in gnupg2 package in Ubuntu:
  New

Bug description:
  According to https://people.canonical.com/~ubuntu-
  security/cve/2019/CVE-2019-13050.html mitigating CVE-2019-13050 was
  deferred, however mitigation is needed.

  Reading the comments listed there, I am unable to determine the
  reasoning / cause for deferral, could you please try to help me
  understand? Thank in advance.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: gnupg 2.2.4-1ubuntu1.2
  ProcVersionSignature: Ubuntu 5.0.0-27.28~18.04.1-generic 5.0.21
  Uname: Linux 5.0.0-27-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.7
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Sun Sep 15 17:14:48 2019
  SourcePackage: gnupg2
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1844059/+subscriptions

More information about the foundations-bugs mailing list