[Gpg4win-announce] Security Update - Gpg4win 4.0.4 released

Andre Heinecke aheinecke at gnupg.org
Mon Oct 17 12:42:34 CEST 2022


Hello,

Gpg4win version 4.0.4 is released!

        https://www.gpg4win.org/download.html

A severe bug has been found in libksba, the library used by GnuPG for parsing 
the ASN.1 structures as used by S/MIME.
The bug ( https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html  
CVE-2022-3515) affects all versions of libksba before 1.6.2 and may be used for 
remote code execution.  

*Updating to this new version is thus important*.


It is important to us that Gpg4win continues to be available
as Free Software which can be downloaded anonymously without costs.
Because we know that this is the only way for some people to get
a software product which enables them to protect their communication.
As Gpg4win maintenance needs to be funded nevertheless, we recommend
that you set the price for yourself that shows the value of Gpg4win.

For use with official documents with VS-NfD / EU / NATO RESTRICTED classification 
gnupg.com offers the option to obtain the approved GnuPG VS-Desktop version.

Details about Gpg4win 4.0.4:
    https://files.gpg4win.org/README-4.0.4.en.txt


Highlights in Gpg4win Version 4.0.4 (2022-10-17)
-------------------------------------------
* GnuPG: Security update to 2.3.8 to fix CVE-2022-3515.
* Kleopatra: Multiple improvements related to accessibility and user 
experience.
* GpgOL: An issue has been fixed which could cause delays when viewing 
unencrypted mails.


With best regards

    your Gpg4win Development Team

-- 
GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 5655 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-announce/attachments/20221017/5e471bff/attachment.sig>


More information about the Gpg4win-announce mailing list