[Gpg4win-announce] Security Update - Gpg4win 4.0.4 released
aheinecke at gnupg.org
Mon Oct 17 12:42:34 CEST 2022
Gpg4win version 4.0.4 is released!
A severe bug has been found in libksba, the library used by GnuPG for parsing
the ASN.1 structures as used by S/MIME.
The bug ( https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html
CVE-2022-3515) affects all versions of libksba before 1.6.2 and may be used for
remote code execution.
*Updating to this new version is thus important*.
It is important to us that Gpg4win continues to be available
as Free Software which can be downloaded anonymously without costs.
Because we know that this is the only way for some people to get
a software product which enables them to protect their communication.
As Gpg4win maintenance needs to be funded nevertheless, we recommend
that you set the price for yourself that shows the value of Gpg4win.
For use with official documents with VS-NfD / EU / NATO RESTRICTED classification
gnupg.com offers the option to obtain the approved GnuPG VS-Desktop version.
Details about Gpg4win 4.0.4:
Highlights in Gpg4win Version 4.0.4 (2022-10-17)
* GnuPG: Security update to 2.3.8 to fix CVE-2022-3515.
* Kleopatra: Multiple improvements related to accessibility and user
* GpgOL: An issue has been fixed which could cause delays when viewing
With best regards
your Gpg4win Development Team
GnuPG.com - a brand of g10 Code, the GnuPG experts.
g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5655 bytes
Desc: This is a digitally signed message part.
More information about the Gpg4win-announce