[Rpm-maint] [rpm-software-management/rpm] Validate self-signatures and require subkey bindings on PGP public keys (#1788)

soig notifications at github.com
Sat Feb 5 09:52:02 UTC 2022


Hi
Can you backport those fixes to rpm-4.16.x?
We need them for fixing the CVE in Mageia 8 (and probably other distributions).
Thanks
b5e8bc74b2b05aa557f663fe227b94d2bc64fbd8 &  9f03f42e2614a68f589f9db8fe76287146522c0c apply cleanly.
But not bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8 since there's been refactoring between 4.16 & 4.17


-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1788#issuecomment-1030591355
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/pull/1788/c1030591355 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220205/7b11e07d/attachment-0001.html>


More information about the Rpm-maint mailing list