Your message dated Fri, 8 Dec 2006 00:33:12 -0200
with message-id <[EMAIL PROTECTED]>
and subject line fixed in 1.4.6-1 upload
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: gnupg
Version: 1.4.5-3
Severity: grave
Tags: security
Justification: user security hole

According to an email that was sent to the gnupg-announce mailing
list, the version of gnupg in unstable (as well as in stable) is
vulnerable to remote attack.  By introducing a malformed OpenPGP
packet, an attacker can dereference a function pointer in GnuPG which
can be used to control the data processed by GnuPG.  All versions before
1.4.6 are affected, and the recommended fix is to upgrade to 1.4.6.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-2-amd64
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gnupg depends on:
ii  gpgv                         1.4.5-3     GNU privacy guard - signature veri
ii  libbz2-1.0                   1.0.3-6     high-quality block-sorting file co
ii  libc6                        2.3.6.ds1-8 GNU C Library: Shared libraries
ii  libldap2                     2.1.30-13.2 OpenLDAP libraries
ii  libreadline5                 5.2-1       GNU readline and history libraries
ii  libusb-0.1-4                 2:0.1.12-2  userspace USB programming library
ii  makedev                      2.3.1-83    creates device files in /dev
ii  zlib1g                       1:1.2.3-13  compression library - runtime

gnupg recommends no packages.

-- no debconf information


--- End Message ---
--- Begin Message ---
Version: 1.4.6-1

This bug has been fixed by the following upload to unstable; it remains open
in stable:

gnupg (1.4.6-1) unstable; urgency=high

  * New upstream release.
   * Fixes remotely controllable function pointer [CVE-2006-6235]

  * 27_filename_overflow.dpatch: merged upstream, dropped.
  * 24_gpgv_manpage_cleanup.dpatch: updated and a couple of additional
    trivial fixes.

  * debian/rules (binary-arch): info copy of manuals moved to
    /usr/share/info - remove them there instead.  Manuals are now built
    from texi source, so install them from build tree, not top level.

  * debian/copyright: update to add OpenSSL exemption for keyserver helper
    tools.

 -- James Troup <[EMAIL PROTECTED]>  Thu,  7 Dec 2006 02:54:51 +0000


-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

--- End Message ---
