[Gpg4win-users-en] When will the latest version of Gpg4win be patched with security fixes?
aheinecke at intevation.de
Mon Aug 4 16:59:35 CEST 2014
On Monday, August 04, 2014 - KW 32 09:54:00 PM Kosuke Kaizuka wrote:
> On Mon, 04 Aug 2014 11:57:35 +0800, Chris Marlow wrote:>
> >> GNU TLS is not GnuPG
> > gpg4win does use gnutls libraries, doesn't it?
> Yes, Gpg4win includes gnutls as a TLS library.
> Gpg4win 2.2.1 includes gnutls 2.12.21! (released on November 2012)
> Current latest gnutls 2.12 branch is 2.12.23 (released on February
> 2013), and patches are available for GNUTLS-SA-2013-2, GNUTLS-SA-2014-1,
I've update gpg4win accordingly.
> but not available for GNUTLS-SA-2014-3.
I've taken the patch from the ubuntu gnutls package for GNUTLS-SA-2014-3
We are still making some new releases / ironing out some problems but you can
expect a binary release (at least a beta) soon.
Please let me know if I've missed a patch / vulnerability.
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Gpg4win-users-en