[Gpg4win-users-en] Security hole discovered with GnuPG
Werner Koch
wk at gnupg.org
Fri Dec 15 14:13:44 CET 2006
On Fri, 15 Dec 2006 13:28, sorin.srbu at orgfarm.uu.se said:
> A few days ago it was reported that GnuPG had a hole in it or something. I
> don't know if a patch has been released yet, but when it does, will Gpg4win be
You mean CVE-2006-6235? This was the reason we release 1.0.8 more
than a week ago. There was also an announcement to the gpg4win
announce list:
(en) Fixed a serious and exploitable GnuPG bug in processing encrypted
packages. [CVE-2006-6235]
(en) Fixed a buffer overflow occuring when using gpg in interactive
mode on the command line. [CVE-2006-6169]
You better update gpg4win instead of using the standalong gnupg
version. It should work two but it has not tested.
Shalom-Salam,
Werner
More information about the Gpg4win-users-en
mailing list