Ubuntu
gnupg package

gnupg 1.2.5-3ubuntu5.2 source package in Ubuntu

Changelog

gnupg (1.2.5-3ubuntu5.2) hoary-security; urgency=low

  * SECURITY UPDATE: Fix potential signature verification bypass.
  * Add debian/patches/23_verify_exit_code.dpatch:
    - Security fix for a verification weakness in gpgv.  Some input
      could lead to gpgv exiting with 0 even if the detached signature
      file did not carry any signature.  This is not as fatal as it
      might seem because the suggestion as always been not to rely on
      th exit code but to parse the --status-fd messages.  However it
      is likely that gpgv is used in that simplified way and thus we
      do this release.  Same problem with "gpg --verify" but nobody
      should have used this for signature verification without
      checking the status codes anyway.
    - Upstream patch from 1.4.2.1.
    - CVE-2006-0455

 -- Martin Pitt <email address hidden>   Fri, 17 Feb 2006 10:39:23 +0000

Upload details

Uploaded by:
Martin Pitt
Uploaded to:
Hoary
Original maintainer:
James Troup
Architectures:
any
Section:
utils
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
gnupg_1.2.5.orig.tar.gz 3.5 MiB 97c7dd776c075fd95f20a51a41b53f348a668da0145a5a4f324d2b1ffe7b9100
gnupg_1.2.5-3ubuntu5.2.diff.gz 62.4 KiB 6204919a527e29b237400cde860cc1607da6ab82a130f19ab5c1ff2d42a8f1fe
gnupg_1.2.5-3ubuntu5.2.dsc 654 bytes 147f865113a091a3a27be238f83c527b82aeeb1f3ac0a5fc38746d0d49682e63

View changes file

Binary packages built by this source

gnupg: No summary available for gnupg in ubuntu hoary.

No description available for gnupg in ubuntu hoary.

gpgv-udeb: No summary available for gpgv-udeb in ubuntu hoary.

No description available for gpgv-udeb in ubuntu hoary.