On 05/06/2014 05:08 AM, Kristian Fiskerstrand wrote:
> Dear lists,
> 
> Following the release of SKS 1.1.5[0] the following changes will be
> made to the pools of sks-keyservers.net
> 
> subset.pool.sks-keyservers.net has been set to a minimum requirement
> of SKS 1.1.5 with immediate effect.
> 
> Due to CVE-2014-3207[1] I want to bump hkps.pool.sks-keyservers.net to
> a requirement of 1.1.5 as this can potentially be in another security
> context / zone, however I'm giving this a grace period of (at least)
> 45-60 days to allow server administrators to upgrade their servers.
> 
> I'm not making any changes to the main pool at this point.
> 
> References:
> [0] http://lists.nongnu.org/archive/html/sks-devel/2014-05/msg00026.html
> [1] http://www.openwall.com/lists/oss-security/2014/05/01/16
> 

For those that do run Debian... BTS #746626 has been opened as Important
and tagged as 'security upstream fixed-upstream' for 1.1.5 so hopefully
the maintainer team will get it updated within Jessie soon which will
then trigger the BPO for Wheezy.

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
