[Gpg4win-devel] [gpg4win-Bugs][1241] "vulnerable" GTK should be updated

gpg4win-bugs@wald.intevation.org gpg4win-bugs at wald.intevation.org
Wed Jan 13 13:53:38 CET 2010


Bugs item #1241, was opened at 2010-01-13 13:53
Status: Open
Priority: 3
Submitted By: Olav Seyfarth (nursoda)
Assigned to: Nobody (None)
Summary: "vulnerable" GTK should be updated 
Resolution: None
Severity: normal
Version: 2.0.1
Component: None
Operating System: Windows XP
Product: gpg4win exe-Installer
Hardware: PC
URL: 


Initial Comment:
Using Secunias Personal Software Inspector in Expert mode, it shows C:\Program Files\GNU\GnuPG\libgdk-win32-2.0-0.dll be vulnerable and proposes to install a newer GTK+ release. Doing so renders GnuPG unusable.

While the bug itself is classified "not critical" by Secunia (http://secunia.com/advisories/37852/), a security component such as GPG4Win should not contain parts that have known weaknesses.

Thus I propose to release an updated GPG4Win version that includes patched GTK+ libraries.

----------------------------------------------------------------------

You can respond by visiting: 
http://wald.intevation.org/tracker/?func=detail&atid=126&aid=1241&group_id=11



More information about the Gpg4win-devel mailing list