Launchpad.net

CVE 2007-1263

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

Related bugs and status

CVE-2007-1263 (Candidate) is related to these bugs:

Bug #90864: Debdiff to fix CVE-2007-1263 in feisty and edgy

		In	Importance	Status
90864	Debdiff to fix CVE-2007-1263 in feisty and edgy	gpgme1.0 (Ubuntu)	Medium	Fix Released
90864	Debdiff to fix CVE-2007-1263 in feisty and edgy	gpgme1.0 (Ubuntu Breezy)	Low	Invalid
90864	Debdiff to fix CVE-2007-1263 in feisty and edgy	gpgme1.0 (Ubuntu Dapper)	Medium	Fix Released
90864	Debdiff to fix CVE-2007-1263 in feisty and edgy	gpgme1.0 (Ubuntu Feisty)	Medium	Fix Released
90864	Debdiff to fix CVE-2007-1263 in feisty and edgy	gpgme1.0 (Ubuntu Edgy)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 22757
MLIST: [gnupg-users] 20070306...
REDHAT: RHSA-2007:0106
UBUNTU: USN-432-1
SECTRACK: 1017727
SECUNIA: 24365
SECUNIA: 24420
SECUNIA: 24438
DEBIAN: DSA-1266
FEDORA: FEDORA-2007-315
FEDORA: FEDORA-2007-316
UBUNTU: USN-432-2
SECUNIA: 24489
SECUNIA: 24511
CONFIRM: https://issues.rpath.c...
REDHAT: RHSA-2007:0107
SECUNIA: 24544
SGI: 20070301-01-P
SUSE: SUSE-SA:2007:024
SECUNIA: 24734
SECUNIA: 24650
CONFIRM: http://support.avaya.c...
SECUNIA: 24875
SECUNIA: 24407
TRUSTIX: 2007-0009
SECUNIA: 24419
SREASON: 2353
MANDRIVA: MDKSA-2007:059
VUPEN: ADV-2007-0835
MISC: http://www.coresecurit...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070305 CORE-2007-011...
BUGTRAQ: 20070305 CORE-2007-011...