Wouter Cloetens <[EMAIL PROTECTED]> writes:
> Extra details on the bug report for gnupg-1.04-2 can be found
> on http://www.securityfocus.com/bid/2797. Most distributions
> appear to have reported a security alert, but all recommend
> upgrading to 1.0.6. A backport for stable is in order, I
> guess...
> Since 1.0.4-2 is in stable, with this bug, it should be fixed IMHO.
With GnuPG 1.0.4, the web of trust can be compromised by an attacker,
and there's a pretty severe problem with detached signature
verification. You should not distribute this version. (I'm going to
file a bug report soon.)
--
Florian Weimer [EMAIL PROTECTED]
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
