Hi, In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus keyrings." is the fix for CVE-2015-1606? https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
The following commit appears to be present in 1.4.19 http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648 Am I right in thinking the issues found through fuzzing which led to the release of 2.1.2 still have not be back ported to previous releases? certainly most of the changes in the commits highlighted are applicable accounting for the change of line numbers. Regards Sevan / Venture37 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
