[Announce] GnuPG for OS X 2.3.7 released

2022-07-11 Thread Ralph Seichter via Gnupg-users
GnuPG for OS X / macOS release 2.3.7 is now available for download via https://sourceforge.net/p/gpgosx/docu/Download/ . The disk image signature key was uploaded to keyservers on 2022-07-07 and should now be widely available. It can also be downloaded using https://www.seichter.de/pgp/gpgosx-sign

[Announce] GnuPG 2.3.7 released

2022-07-11 Thread Andre Heinecke via Gnupg-users
Hello! We are pleased to announce the availability of a new GnuPG release: 2.3.7. This release fixes CVE-2022-34903 which could be used to inject wrong status information in signatures. The status information could then be abused to display a wrong validity in Kleopatra and other users of GPGME

Re: GnuPG 2.2.36 released

2022-07-11 Thread Konstantin Ryabitsev via Gnupg-users
On Fri, Jul 08, 2022 at 11:07:36PM +0200, Ingo Klöcker wrote: > > That key doesn't appear to be provided via > > https://gnupg.org/signature_key.asc. > > Yes, it is. > > ``` > $ curl https://gnupg.org/signature_key.asc | gpg --import > [...] > gpg: key 549E695E905BA208: 1 signature not checked du