From bernhard at intevation.de Mon May 26 17:58:17 2025 From: bernhard at intevation.de (Bernhard Reiter) Date: Mon, 26 May 2025 17:58:17 +0200 Subject: [Gpg4win-announce] Gpg4win 4.4.1 released (important) Message-ID: <202505261758.18013.bernhard@intevation.de> Hello, if you are using the PDF viewer Okular from Gpg4win, please upgrade to version 4.4.1 as this version fixes a severe vulnerability in the freetype library. https://www.gpg4win.org/download.html About the vulnerability: Embedded malicious fonts in a PDF file may lead to code execution in Okular. CVSS Base Score: 8.1 (v3.1) Details https://euvd.enisa.europa.eu/enisa/EUVD-2025-6367 (alternative ids: CVE-2025-27363, GHSA-g8qj-jv5h-78cp) There are other good things in Gpg4win 4.4.1, for example * improvements in the Outlook Add-in (GpgOL) * a better Kleopatra * GnuPG upgraded to v2.4.8 Check out the https://www.gpg4win.org/change-history.html Boilerplate: It is important to us that Gpg4win continues to be available as Free Software which can be downloaded anonymously without costs. Because we know that this is the only way for some people to get a software product which enables them to protect their communication. As Gpg4win maintenance needs to be funded nevertheless, we recommend that you set the price for yourself that shows the value of Gpg4win. For use with official documents with VS-NfD / EU / NATO RESTRICTED classification https://gnupg.com offers the option to obtain the approved GnuPG VS-Desktop version. Best Regards Bernhard on behalf of the Gpg4win Development Team -- https://intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998 Managing Directors: Frank Koormann, Bernhard Reiter -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: This is a digitally signed message part. URL: