CVE-2022-34903 Information

Description

GnuPG through 2.3.6 in unusual situations where an attacker possesses any secret-key information from a victim’s keyring and other constraints (e.g. use of GPGME) are met allows signature forgery via injection into the status line.

Reference

https://dev.gnupg.org/T6027 https://bugs.debian.org/1014157 https://www.openwall.com/lists/oss-security/2022/06/30/1