Bug 42085 (CVE-2003-0255)

Summary: VUL-0: CVE-2003-0255: gnupg key validation problem
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Kurt Garloff <garloff>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2003-0255: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2003-05-23 17:07:48 UTC 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0255 
 
The key validation code in GnuPG before 1.2.2 does not properly determine the validity 
of keys with multiple user IDs and assigns the greatest validity of the most valid user 
ID, which prevents GnuPG from warning the encrypting user when a user ID does not 
have a trusted path.
Comment 1 Marcus Meissner 2003-05-23 17:07:48 UTC 
<!-- SBZ_reproduce  -->
no clue.
Comment 2 Marcus Meissner 2003-05-28 21:14:50 UTC 
PING. Garloff was on vacation, back next Monday...
Comment 3 Kurt Garloff 2003-07-10 21:24:37 UTC 

*** This bug has been marked as a duplicate of 42242 ***
Comment 4 Thomas Biege 2009-10-13 19:34:38 UTC 
CVE-2003-0255: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)