[Gpg4win-announce] Gpg4win 4.4.1 released (important)

Mon May 26 17:58:17 CEST 2025

Hello,

if you are using the PDF viewer Okular from Gpg4win,
please upgrade to version 4.4.1
as this version fixes a severe vulnerability in the freetype library.

  https://www.gpg4win.org/download.html

About the vulnerability:
  Embedded malicious fonts in a PDF file may lead to code execution
  in Okular.  CVSS Base Score: 8.1 (v3.1)
  Details https://euvd.enisa.europa.eu/enisa/EUVD-2025-6367
    (alternative ids: CVE-2025-27363, GHSA-g8qj-jv5h-78cp)

There are other good things in Gpg4win 4.4.1, for example
  * improvements in the Outlook Add-in (GpgOL)
  * a better Kleopatra
  * GnuPG upgraded to v2.4.8

Check out the https://www.gpg4win.org/change-history.html

Boilerplate:

It is important to us that Gpg4win continues to be available
as Free Software which can be downloaded anonymously without costs.
Because we know that this is the only way for some people to get
a software product which enables them to protect their communication.
As Gpg4win maintenance needs to be funded nevertheless, we recommend
that you set the price for yourself that shows the value of Gpg4win.

For use with official documents with VS-NfD / EU / NATO RESTRICTED 
classification https://gnupg.com offers the option to obtain the approved 
GnuPG VS-Desktop version.

Best Regards
  Bernhard on behalf of the Gpg4win Development Team

-- 
https://intevation.de/~bernhard         +49 541 33 508 3-3
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-announce/attachments/20250526/d1d94e56/attachment.sig>