[Gpg4win-users-en] Security hole discovered with GnuPG
Sorin Srbu
sorin.srbu at orgfarm.uu.se
Fri Dec 15 14:28:07 CET 2006
Werner Koch <mailto:wk at gnupg.org> wrote on Friday, December 15, 2006 2:14 PM:
>> A few days ago it was reported that GnuPG had a hole in it or something. I
>> don't know if a patch has been released yet, but when it does, will
>> Gpg4win be
>
> You mean CVE-2006-6235? This was the reason we release 1.0.8 more
> than a week ago. There was also an announcement to the gpg4win
> announce list:
I believe it was. I must've subbed to this list just after the announce. 8-)
> (en) Fixed a serious and exploitable GnuPG bug in processing encrypted
> packages. [CVE-2006-6235]
>
> (en) Fixed a buffer overflow occuring when using gpg in interactive
> mode on the command line. [CVE-2006-6169]
>
>
> You better update gpg4win instead of using the standalong gnupg
> version. It should work two but it has not tested.
Ok.
I dowloaded the gpg4win-package (with GnuPg v1.4.6) just a few days before the
message was announced at our university. Wasn't sure v1.4.6 was the fixed
version or not.
Anyway, this is the version I have, so I'm probably fixed by having installed
GPG4win v1.0.8.
Thx.
More information about the Gpg4win-users-en
mailing list