gnupg 1.4.20-1ubuntu3.2 source package in Ubuntu

Changelog

gnupg (1.4.20-1ubuntu3.2) xenial-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

 -- Steve Beattie <email address hidden>  Fri, 08 Jun 2018 15:53:57 -0700

Upload details

Uploaded by:
Steve Beattie
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
gnupg_1.4.20.orig.tar.gz 4.9 MiB dc1f1a6028488303a4efb01aadda480b9cd0f49f65aef94c432628fdd127e586
gnupg_1.4.20-1ubuntu3.2.debian.tar.xz 38.0 KiB 7b0d0bedc680f5018b465e22a8f8b1a94b9b7d8c323298f007d9d9a7c3163332
gnupg_1.4.20-1ubuntu3.2.dsc 2.4 KiB 82d0475c76cf306f4169c5f99554f39b71debd8d6f920da3fd4ce379301e5e81

View changes file

Binary packages built by this source

gnupg: GNU privacy guard - a free PGP replacement

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 GnuPG 1.4 is the standalone, non-modularized series. In contrast to
 the version 2 series, shipped with the gnupg2 package, it comes
 with no support for S/MIME and some other tools useful for desktop
 environments, but also with less dependencies.
 .
 The gnupg package is built without libcurl. So it does not support
 HKPS keyservers. Install the gnupg-curl package if you want to use
 the keyserver helper tools built with libcurl and supporting HKPS.

gnupg-curl: GNU privacy guard - a free PGP replacement (cURL)

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This package contains the keyserver helper tools built with libcurl,
 which replace the ones in the gnupg package built with the "curl shim"
 variant of gnupg. This package provides support for HKPS keyservers.

gnupg-curl-dbgsym: debug symbols for package gnupg-curl

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This package contains the keyserver helper tools built with libcurl,
 which replace the ones in the gnupg package built with the "curl shim"
 variant of gnupg. This package provides support for HKPS keyservers.

gnupg-dbg: debugging symbols for gnupg

 GnuPG is GNU's tool for secure communication and data storage.
 .
 This package contains the debugging symbols for gnupg, gpgv, and
 gnupg-curl.

gnupg-dbgsym: debug symbols for package gnupg

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 GnuPG 1.4 is the standalone, non-modularized series. In contrast to
 the version 2 series, shipped with the gnupg2 package, it comes
 with no support for S/MIME and some other tools useful for desktop
 environments, but also with less dependencies.
 .
 The gnupg package is built without libcurl. So it does not support
 HKPS keyservers. Install the gnupg-curl package if you want to use
 the keyserver helper tools built with libcurl and supporting HKPS.

gpgv: GNU privacy guard - signature verification tool

 GnuPG is GNU's tool for secure communication and data storage.
 .
 gpgv is a stripped-down version of gnupg which is only able to check
 signatures. It is smaller than the full-blown gnupg and uses a
 different (and simpler) way to check that the public keys used to
 make the signature are trustworthy.

gpgv-dbgsym: debug symbols for package gpgv

 GnuPG is GNU's tool for secure communication and data storage.
 .
 gpgv is a stripped-down version of gnupg which is only able to check
 signatures. It is smaller than the full-blown gnupg and uses a
 different (and simpler) way to check that the public keys used to
 make the signature are trustworthy.

gpgv-udeb: minimal signature verification tool

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This is GnuPG's signature verification tool, gpgv, packaged in minimal
 form for use in debian-installer.

gpgv-udeb-dbgsym: debug symbols for package gpgv-udeb

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This is GnuPG's signature verification tool, gpgv, packaged in minimal
 form for use in debian-installer.