[NBLUG/talk] Re: [vox] [Fwd: Key validity bug in GnuPG 1.2.1 and earlier]
Peter Jay Salzman
p at dirac.org
Mon May 5 10:34:01 PDT 2003
begin ME <dugan at passwall.com>
> I know many of you use GPG, so I'm passing this on. This is likely not a
> serious issue for most of you. FYI:
>
> ---------------------------- Original Message ----------------------------
> Subject: Key validity bug in GnuPG 1.2.1 and earlier
> From: "David Shaw" <dshaw at jabberwocky.com>
> Date: Sat, May 3, 2003 18:35
> To: bugtraq at securityfocus.com
> --------------------------------------------------------------------------
>
> As part of the development of GnuPG 1.2.2, a bug was discovered in the key
> validation code. This bug causes keys with more than one user ID to give
> all user IDs on the key the amount of validity given to the most-valid
> key.
(snip)
> This bug has been fixed in the newly released GnuPG 1.2.2, and
> upgrading is the recommended fix for this problem.
nota bene: both debian/testing and debian/unstable are currently at gnupg/1.2.1.
debian/stable is at gnupg/1.0.6.
so all three branches are vulnerable.
pete
--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
More information about the talk
mailing list