Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

On Mon, 11 Jun 2018 10:06, marco.maggi-i...@poste.it said: > I fixed this by upgrading to the latest libgpg-error. This means the > gnupg package does not detect the installed libgpg-error version > correctly? Merge fault, sorry. See https://dev.gnupg.org/T4012 for a fix. Salam-Sha

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

On Mon, 11 Jun 2018 11:07, pe...@digitalbrains.com said: > attempt to decrypt the block in the first message by Werner, as soon as > it was part of a quote, starting with "> ", Enigmail will try to > process it. Type in the passphrase "abc" without quotes, and you'll I'd call that a TB bug. Th

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

I did NOT encrypt the Message, just signed it with my PGP-Key - This message is now without sign or encrypt Am 2018-06-10 um 22:50 schrieb Jean-David Beyer: > On 06/10/2018 01:25 PM, Juergen Bruckner wrote: >> Hello Werner, >> >> i Use Linux Mint 18.3 with GnuPG 2.1.11; which is the easiest way to

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

> (Could you please trim your quotes? Incidentally, this would have > prevented the problem in the first place, both on the first and on your > reply). > Thanks for the hint > It would appear that at least Enigmail (mine is from Debian > stable/stretch) ignores an inline encrypted block if it is

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

(Could you please trim your quotes? Incidentally, this would have prevented the problem in the first place, both on the first and on your reply). On 10/06/18 22:50, Jean-David Beyer wrote: > It says part of your message to me was encrypted and prompted me for my > passphrase, but it must not have

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

"Marco Maggi" wrote: >mainproc.c:686:14: error: 'GPGRT_LOGLVL_INFO' undeclared (first use in this >function); did you mean 'GPGRT_LOG_INFO'? I fixed this by upgrading to the latest libgpg-error. This means the gnupg package does not detect the installed libgpg-error version correctly?

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

Hello, two fixes for the anouncement: >CVE-2018-12020 was assigned to this bug; GnuPG tracks > it at . https://dev.gnupg.org/T4012 > and pass to this pipeline > > gpg --no-options -vd 2>&1 | grep '^\[GNUPG:] INJECTED' enter the needed passphrase 'abc' in your pi

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

Ciao, running"make" failswithundeclaredsymbol.Onmy x86_64-pc-linux-gnu (Slackware) I downloaded: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.8.tar.bz2 configured with: configure --prefix=/usr/local --libdir=/usr/local/lib64 CFLAGS=-O3 I get this report:

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

On 06/10/2018 01:25 PM, Juergen Bruckner wrote: > Hello Werner, > > i Use Linux Mint 18.3 with GnuPG 2.1.11; which is the easiest way to > Update it to 2.2.8? > > > I'm pretty new to the Linux-World, but as far i know i have NOT included > a "own" GnuPG Repo in my Repo-List. > > best regards >

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

Hello Werner, i Use Linux Mint 18.3 with GnuPG 2.1.11; which is the easiest way to Update it to 2.2.8? I'm pretty new to the Linux-World, but as far i know i have NOT included a "own" GnuPG Repo in my Repo-List. best regards Juergen Am 2018-06-08 um 15:40 schrieb Werner Koch: > Hello! > > We

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

On Fri, 8 Jun 2018 20:29, d...@fifthhorseman.net said: > I'm having the same problem. Werner, what is the passphrase for this > test example? abc Sorry. I guess i rushed this thing out a bit too fast. Salam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine #

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

On Fri 2018-06-08 14:29:52 -0400, Daniel Kahn Gillmor wrote: > On Fri 2018-06-08 17:03:07 +0200, Andre Heinecke wrote: > >> I have a problem with the test >> It asks me for a symetric passphrase. > > I'm having the same problem. Werner, what is the passphrase for this > test example? ah, the pass

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

On Fri 2018-06-08 17:03:07 +0200, Andre Heinecke wrote: > I have a problem with the test > It asks me for a symetric passphrase. I'm having the same problem. Werner, what is the passphrase for this test example? --dkg ___ Gnupg-users mailing lis

Re: [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

Hi, I have a problem with the test On Friday 8 June 2018 15:40:55 CEST Werner Koch wrote: > [1] If you want to test whether you are affected by this bug, remove the > indentation from the following block > > -BEGIN PGP MESSAGE- > > jA0EBwMC1pW2pqoYvbXl0p4Bo5z/v7PXy7T1BY/KQxWaE9uTB

[Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

Hello! We are pleased to announce the availability of a new GnuPG release: version 2.2.8. This version fixes a critical security bug and comes with some other minor changes. Impact == All current GnuPG versions are affected on all platforms. All mail clients and other applications which m