CVE-2016-20021

Published: Jan 12, 2024

Modified: Jun 3, 2025

PUBLISHED

Description

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wiki.gentoo.org/wiki/Portage

https://gitweb.gentoo.org/proj/portage.git/tree/NEWS

https://bugs.gentoo.org/597800

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-20021

Description

Affected Products

References