VDB

GCVE-VVD-MAGEIA-2019-348

GCVE-VVD-MAGEIA-2019-348
Advisory Published
Vulnetix · Advisory published November 30, 2019
gnupg2 is updated to 2.2.18 and fix security vulnerability: Web of Trust forgeries using collisions in SHA-1 signatures (CVE-2019-14855) * Note that this change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. This includes all key signature created with dsa1024 keys. The new option --allow-weak-key-signatues can be used to override the new and safer behaviour. For other fixes in this update, see the gnupg-announce reference.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiagnupg20 (affected), 2.2.18-1.mga7 (unaffected)

Aliases

CVE-2019-14855

Transitive aliases

CLEANSTART-2026-HT23337EUVD-2019-5977GHSA-cpvm-f36g-55vgBDU:2023-01658VVD-GENTOO-2019-701616

References

Updated gnupg2 packages fix security vulnerability
advisory
Updated gnupg2 packages fix security vulnerability
issue
Updated gnupg2 packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›