SigSpoof: Spoofing signatures in GnuPG, Enigmail, GPGTools and python-gnupg (CVE-2018-12020)
https://neopg.io/blog/gpg-signature-spoof/
in short dont use gpg --verbose on the command line. upgrade everything.
Was mentioned before in Whonix forum. Fixed in gpg already. No changes
required.
2 Likes
The website and blog seems to be sold and all data gone after one year, Here the archived version of it:
https://web.archive.org/web/20190827023252/https://neopg.io/blog/gpg-signature-spoof/
1 Like