SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (CVE-2018-12020)
in short dont use gpg --verbose
on the command line. upgrade everything.
SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (CVE-2018-12020)
in short dont use gpg --verbose
on the command line. upgrade everything.
Was mentioned before in Whonix forum. Fixed in gpg already. No changes
required.
The website and blog seems to be sold and all data gone after one year, Here the archived version of it:
https://web.archive.org/web/20190827023252/https://neopg.io/blog/gpg-signature-spoof/