Re: Clarification on advisories

2015-03-23 Thread Werner Koch
On Mon, 23 Mar 2015 11:05, ventur...@gmail.com said:

> Are the applicable parts of the issues highlighted here:
> http://www.openwall.com/lists/oss-security/2015/02/13/14
> Backported to 2.0.27?

Yes, all four:

1. 39978487863066e59bb657f5fe4e8baab510da7e commit 7e12ec4c7d6df29a7d7935399fccd259

Re: Clarification on advisories

2015-03-23 Thread Sevan / Venture37
Hi Werner,

On 23 March 2015 at 09:48, Werner Koch wrote:
>> Am I right in thinking the issues found through fuzzing which led to
>> the release of 2.1.2 still have not been back ported to previous
>> releases? Certainly most of the changes in the commits highlighted are
>> applicable accounting for

Re: Clarification on advisories

2015-03-23 Thread Werner Koch
On Mon, 23 Mar 2015 06:31, ventur...@gmail.com said:

> In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus
> keyrings." is the fix for CVE-2015-1606?

The Debian announcement describes this as

The keyring parsing code did not properly reject certain packet types not belong

Clarification on advisories

2015-03-22 Thread Sevan / Venture37
Hi,

In the 1.4.19 announcement, the entry: "Fixed bugs related to bogus keyrings." is the fix for CVE-2015-1606?
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html

The following commit appears to be present in 1.4.19
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff