SECURITY: gnupg (CVE-2006-0455)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SECURITY: gnupg (CVE-2006-0455)

Yaakov (Cygwin/X)
Applications relying on GnuPG to authenticate digital signatures may
incorrectly believe a signature has been verified.

Solution: upgrade to 1.4.2.1.

More information:
http://security.gentoo.org/glsa/glsa-200602-10.xml
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455


Yaakov

Reply | Threaded
Open this post in threaded view
|

Re: SECURITY: gnupg (CVE-2006-0455)

Volker Quetschke
Hi Yaakov,
> Applications relying on GnuPG to authenticate digital signatures may
> incorrectly believe a signature has been verified.
>
> Solution: upgrade to 1.4.2.1.

I got the hint ;) Expect a new version in the next week or so.

   Volker

--
PGP/GPG key  (ID: 0x9F8A785D)  available  from  wwwkeys.de.pgp.net
key-fingerprint 550D F17E B082 A3E9 F913  9E53 3D35 C9BA 9F8A 785D

signature.asc (260 bytes) Download Attachment