Changelog
gnupg (1.4.2.1-0ubuntu1) dapper; urgency=low
  * New upstream security bugfix release, only contains the following changes:
    - Security fix for a verification weakness in gpgv. Some input
      could lead to gpgv exiting with 0 even if the detached signature
      file did not carry any signature. This is not as fatal as it
      might seem because the suggestion has always been not to rely on
      the exit code but to parse the --status-fd messages. However it
      is likely that gpgv is used in that simplified way and thus we
      do this release. Same problem with "gpg --verify" but nobody
      should have used this for signature verification without
      checking the status codes anyway. [CVE-2006-0455]
    - Added a test case for above vulnerability.
  * debian/rules: Call the test suite during build. (Will fail the build
    if the test suite fails.)
 -- Martin Pitt <email address hidden>  Fri, 17 Feb 2006 11:18:27 +0100
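The entry above recommends parsing the `--status-fd` messages rather than trusting the exit code. The following is an added example, not code from this package or from GnuPG, of a caller that accepts a detached signature only when the status stream positively reports one; the function names, the keyring argument and the sample fingerprint are assumptions made for illustration.

```python
import subprocess

PREFIX = "[GNUPG:] "
# Status keywords (documented in GnuPG's doc/DETAILS) that mean "do not trust".
FAILURE = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}

def signature_ok(status_text, trusted_fingerprints):
    """True only if the status stream shows at least one VALIDSIG, every
    VALIDSIG is from a trusted fingerprint, and no failure keyword appears."""
    valid = []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # ignore anything that is not a status message
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        if fields[0] in FAILURE:
            return False
        if fields[0] == "VALIDSIG" and len(fields) >= 2:
            valid.append(fields[1].upper())  # fingerprint of the signing key
    # An empty stream (the CVE-2006-0455 case: exit 0, no signature) fails here.
    return bool(valid) and all(fp in trusted_fingerprints for fp in valid)

def verify_detached(sig_path, data_path, keyring, trusted_fingerprints):
    """Run gpgv and require both a zero exit code and positive status evidence."""
    proc = subprocess.run(
        ["gpgv", "--status-fd", "1", "--keyring", keyring, sig_path, data_path],
        capture_output=True, text=True,
    )
    return proc.returncode == 0 and signature_ok(proc.stdout, trusted_fingerprints)

# Constructed sample status streams (fingerprint and key id are made up).
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_GOOD = (
    "[GNUPG:] SIG_ID constructedSigId 2006-02-17 1140171507\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {SAMPLE_FPR} 2006-02-17 1140171507 0 3 0 17 2 00\n"
)
SAMPLE_BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
SAMPLE_EMPTY = ""  # what a caller sees when no signature was processed at all

if __name__ == "__main__":
    for name, text in [("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD), ("empty", SAMPLE_EMPTY)]:
        print(name, signature_ok(text, {SAMPLE_FPR}))
```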