CVE-2016-20021

Published: 2024-01-12T03:15Z

Last Modified: 2024-11-21T02:47Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt