Your message dated Tue, 13 Mar 2007 20:40:19 +0100
with message-id <[EMAIL PROTECTED]>
and subject line fixed with most recent upload
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gnupg
Version: 1.4.6-1
Severity: grave
Tags: security patch
Justification: user security hole
Hi,
There has been an announcement[1] about a possible security hole in
GnuPG related to multiple messages, and new releases[2] of both GnuPG
and GpgME. There is a patch available for this problem[3].
[1] http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html
[2] http://lists.gnupg.org/pipermail/gnupg-devel/2007-March/023686.html
[3] ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch
Thanks
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)
Versions of packages gnupg depends on:
ii gpgv 1.4.6-1 GNU privacy guard - signature veri
ii libbz2-1.0 1.0.3-6 high-quality block-sorting file co
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libreadline5 5.2-2 GNU readline and history libraries
ii libusb-0.1-4 2:0.1.12-6 userspace USB programming library
ii makedev 2.3.1-83 creates device files in /dev
ii zlib1g 1:1.2.3-13 compression library - runtime
gnupg recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.4.6-2
Hi,
this upload has fixed this issue already.
Cheers,
Andi
Format: 1.7
Date: Wed, 7 Mar 2007 21:47:35 +0000
Source: gnupg
Binary: gnupg-udeb gpgv gnupg gpgv-udeb
Architecture: source i386
Version: 1.4.6-2
Distribution: unstable
Urgency: medium
Maintainer: James Troup <[EMAIL PROTECTED]>
Changed-By: James Troup <[EMAIL PROTECTED]>
Description:
gnupg - GNU privacy guard - a free PGP replacement
gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
gpgv - GNU privacy guard - signature verification tool
gpgv-udeb - minimal signature verification tool (udeb)
Changes:
gnupg (1.4.6-2) unstable; urgency=medium
.
* 28_multiple_message.dpatch: new patch from upstream to fix problems
handling verification of messages with multiple
components. [CVE-2007-1263]
--
http://home.arcor.de/andreas-barth/
--- End Message ---