[Gpg4win-users-en] Security hole discovered with GnuPG

Werner Koch wk at gnupg.org
Fri Dec 15 14:13:44 CET 2006

On Fri, 15 Dec 2006 13:28, sorin.srbu at orgfarm.uu.se said:

> A few days ago it was reported that GnuPG had a hole in it or something. I
> don't know if a patch has been released yet, but when it does, will Gpg4win be

You mean CVE-2006-6235?  This was the reason we release 1.0.8 more
than a week ago.  There was also an announcement to the gpg4win
announce list:

(en) Fixed a serious and exploitable GnuPG bug in processing encrypted
     packages. [CVE-2006-6235]

(en) Fixed a buffer overflow occuring when using gpg in interactive
     mode on the command line. [CVE-2006-6169]

You better update gpg4win instead of using the standalong gnupg
version.  It should work two but it has not tested.



More information about the Gpg4win-users-en mailing list