gnupg: Web of Trust forgeries using collisions in SHA-1 (CVE-2019-14855)

Web of Trust forgeries using collisions in SHA-1 signatures (CVE-2019-14855) Note that this change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. This includes all key signature created with dsa1024 keys. The new option --allow-weak-key-signatues can be used to override the new and safer behaviour.

Fixed In Version:

gnupg 2.2.18

References:

https://dev.gnupg.org/T4755
https://security-tracker.debian.org/tracker/CVE-2019-14855

Affected branches:

master (94ffa605)
3.10-stable
3.9-stable
3.8-stable

Edited Dec 18, 2019 by Leonardo Arena

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information