Hello, I am pleased to announce a security update to the 1.2 series of GnuPG: Version 1.2.8.
The 1.2.x series has reached end of life status about 2 years ago. However, I make an update available for the sake of those who can't migrate to 1.4. There is no guarantee that all problems are solved in 1.2 - it is in general better to migrate to the activly maintained 1.4 series. You will find that version as well as corresponding signatures at the usual place (ftp://ftp.gnupg.org/gcrypt/gnupg/). Noteworthy changes in version 1.2.8 (2006-12-07) ------------------------------------------------ Backported security fixes. Note, that the 1.2.x series has reached end of life status. You should migrate to 1.4.x. * Fixed a serious and exploitable bug in processing encrypted packages. [CVE-2006-6235]. * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169] * User IDs are now capped at 2048 bytes. This avoids a memory allocation attack [CVE-2006-3082]. * Added countermeasures against the Mister/Zuccherato CFB attack <http://eprint.iacr.org/2005/033>. Happy Hacking, Werner -- Werner Koch <[EMAIL PROTECTED]> The GnuPG Experts http://g10code.com Join the Fellowship and protect your Freedom! http://www.fsfe.org
pgppwq8f7dC1h.pgp
Description: PGP signature
_______________________________________________ Gnupg-announce mailing list [EMAIL PROTECTED] http://lists.gnupg.org/mailman/listinfo/gnupg-announce
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
