Debian alert DLA-2274-1 (fwupd)

From:
             
 
"Chris Lamb" <lamby@debian.org> 
To:
             
 
debian-lts-announce@lists.debian.org 
Subject:
             
 
[SECURITY] [DLA 2274-1] fwupd security update 
Date:
             
 
Thu,  9 Jul 2020 05:36:40 -0400 (EDT)
Message-ID:
             
 
<20200709093640.B71D614200A2@mailuser.nyi.internal>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : fwupd
Version        : 0.7.4-2+deb9u1
CVE ID         : CVE-2020-10759
Debian Bug     : #962517

It was discovered that there was a possible signature verification
issue in firmware update daemon library "fwupd" as the return value
of gpgme_op_verify_result was not being checked.

For Debian 9 "Stretch", this issue has been fixed in fwupd version
0.7.4-2+deb9u1.

We recommend that you upgrade your fwupd packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl8G5QAACgkQHpU+J9Qx
Hlh2XQ//dWZhK/H33B6xPW5vDMVuflK3UvqOjWSuOdiJ0t5VIr6XCy9r+slik5sZ
K6UkhvBhzCcLnwIvqXymyl/cJu7ZM335JZWnj/YTJLxgVlDS+th6ldkaZKHMDmDh
DX78oFjHKB49rif79lKOO9b5plJEE0kYlEHFh9Ir8p+gKgMvrbBIBiwvPy485iiT
1ao8HC88bF+REspkTToCxjNfTc15RvJEYh5/tkH2lbfArXAgp2uGDcwFySEc1Geg
ZJqzmCZ7tgQ31ka1tdu5gYRDms3CGNTRzMFY5FiOJifBEcSVtwguTzVtfR7QhMUz
RywRUTSz0umh1Yu5A9JVBy2xXNh8015OKJXfwIXvyHKTZMePh9E9pVS0hRW8zOzM
bsPupIGX6WydXsnOo1LB/bwwenPkDGxHXRiMoV4K/+TUiy7TPMtNfPOD8OukieTC
Q5NM59ZRsx6/IgGiLB1men6sndWnvaL9NYGIVIYqHqQVzoL7IPyiNNrop3J98r2H
LI1exrdL0oVuJMDAs6a1pf73suv/Sw2/NxK2ZPD1jN4bwEb9R83XC6Wcv6HJ5oJY
HpHd4gH0fCCR3PcE6V0Xa0CNHOCi2jPJ4tJp678vX4dvzk3e3Y64mYBNFNaWY5qx
+o/4h88gfTAzOv/vqeNo8KtJsZjRx2qz6y6UKBVzcl0scaFIUuc=
=ad5P
-----END PGP SIGNATURE-----