Vulnerability CVE-2016-20021


Published: 2024-01-12

Description:
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification.

 References:
https://wiki.gentoo.org/wiki/Portage
https://gitweb.gentoo.org/proj/portage.git/tree/NEWS
https://bugs.gentoo.org/597800

Copyright 2026, cxsecurity.com

 

Back to Top