Use RPMSIG_SIGNATURE_TYPE and rpmcliVerifySignatures() for all RPM-based signature verification #307
Description
This is libzypp’s version of CVE-2021-3445. Only users who have turned off repository signature verification for at least one repository are vulnerable, unlike DNF which is vulnerable by default. See rpm-software-management/libdnf#1179 and rpm-software-management/dnf#1752.
Reporting publicly because this is already public in other repositories and because default configurations are not vulnerable.