This bug was fixed in the package gnupg - 1.4.11-3ubuntu2.9
---
gnupg (1.4.11-3ubuntu2.9) precise-security; urgency=medium
* Screen responses from keyservers (LP: #1409117)
- d/p/0001-Screen-keyserver-responses.dpatch
-
This bug was fixed in the package gnupg - 1.4.16-1.2ubuntu1.2
---
gnupg (1.4.16-1.2ubuntu1.2) utopic-security; urgency=medium
* Screen responses from keyservers (LP: #1409117)
- d/p/0001-Screen-keyserver-responses.patch
-
This bug was fixed in the package gnupg - 1.4.16-1ubuntu2.3
---
gnupg (1.4.16-1ubuntu2.3) trusty-security; urgency=medium
* Screen responses from keyservers (LP: #1409117)
- d/p/0001-Screen-keyserver-responses.patch
-
This bug was fixed in the package gnupg2 - 2.0.22-3ubuntu1.3
---
gnupg2 (2.0.22-3ubuntu1.3) trusty-security; urgency=medium
* Screen responses from keyservers (LP: #1409117)
- d/p/0001-Screen-keyserver-responses.patch
-
This bug was fixed in the package gnupg2 - 2.0.17-2ubuntu2.12.04.6
---
gnupg2 (2.0.17-2ubuntu2.12.04.6) precise-security; urgency=medium
* Screen responses from keyservers (LP: #1409117)
- d/p/0001-Screen-keyserver-responses.patch
-
Lucid is near end-of-life, we're not going to be fixing this.
** Changed in: gnupg (Ubuntu Lucid)
Status: Confirmed = Won't Fix
** Changed in: gnupg2 (Ubuntu Lucid)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
** Changed in: gnupg
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1409117
Title:
GPG does not verify keys received when using
** Changed in: gnupg (Debian)
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1409117
Title:
GPG does not verify keys received when
aah makes sense. thanks.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1409117
Title:
GPG does not verify keys received when using --recv-keys leaving
communicaiton with
Fixed in 2.0.24 and 1.4.17.
** Information type changed from Private Security to Public Security
** Also affects: gnupg (Ubuntu)
Importance: Undecided
Status: New
** Bug watch added: Debian Bug tracker #725411
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725411
** Also
gpg is commonly used for verifying signatures before installing packages
and is how you would get packages from Launchpad too, right? forgive me,
but maybe wishlist is too low a importance? Obviously, your call and I
am not experienced with the project here, but I really think this should
be
apt-add-repository validates that the key that was downloaded is the
right one before importing it, it doesn't blindly trust the key that gpg
downloaded from the keyserver.
This is wishlist simply because it's security hardening. I will include
it in the next gnupg security upload.
--
You
12 matches
Mail list logo