*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: iceweasel-firegpg The version of firegpg that is marked for inclusion in jaunty is 0.5.dfsg-1. However, upstream says (at http://getfiregpg.org/install.html): Versions prior to 0.6 are affected by security issues. DO NOT USE THEM IN A PRODUCTION ENVIRONEMENT ! Version 0.7.5 appears to be the latest upstream version. The package for firegpg for debian was just removed from the archive until a new package can be built: http://bugs.debian.org/520118 http://bugs.debian.org/514386 The firegpg branch in launchpad appears to have 0.5.1, but that itself is still too old according to upstream: https://code.edge.launchpad.net/~ubuntu-dev/firefox- extensions/firegpg.ubuntu I recommend that until a recent version can be packaged without known vulnerabilities, firegpg should not be shipped in ubuntu. Sorry to be the bearer of bad tidings! ** Affects: iceweasel-firegpg (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- firegpg version 0.5 is insecure https://bugs.launchpad.net/bugs/345141 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
