gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures.

* g10/sig-check.c (check_signature_over_key_or_uid): Always initialize
IS_SELFSIG because it is later used to detect SHA1 non-selfsignatures.
--

The value of is_selfsig was also used to decide whether to reject a a
SHA_signature if it is not a self-signature.  However, a code path
exists where is_selfsig was set to stub_is_selfsig and not initilaized
in this case.

Fixes-commit: c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a

0 files changed, 0 insertions, 0 deletions