Ubuntu
gnupg package

gnupg 1.4.1-1ubuntu1.1 source package in Ubuntu

Changelog

gnupg (1.4.1-1ubuntu1.1) breezy-security; urgency=low

  * SECURITY UPDATE: Fix potential signature verification bypass.
  * Add debian/patches/23_verify_exit_code.dpatch:
    - Security fix for a verification weakness in gpgv.  Some input
      could lead to gpgv exiting with 0 even if the detached signature
      file did not carry any signature.  This is not as fatal as it
      might seem because the suggestion as always been not to rely on
      th exit code but to parse the --status-fd messages.  However it
      is likely that gpgv is used in that simplified way and thus we
      do this release.  Same problem with "gpg --verify" but nobody
      should have used this for signature verification without
      checking the status codes anyway.
    - Upstream patch from 1.4.2.1.
    - CVE-2006-0455

 -- Martin Pitt <email address hidden>   Fri, 17 Feb 2006 09:55:02 +0000

Upload details

Uploaded by:
Martin Pitt
Uploaded to:
Breezy
Original maintainer:
James Troup
Architectures:
any
Section:
utils
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
gnupg_1.4.1.orig.tar.gz 3.9 MiB 2e0c1b4e7fb8f449010f00cb4effd6372ef83ba04e8763fc793d889658af7fb0
gnupg_1.4.1-1ubuntu1.1.diff.gz 17.6 KiB 79ccc46b255d23ce1118735413e4dd7e6e5de6ff737c5220eb77cff8dc76994c
gnupg_1.4.1-1ubuntu1.1.dsc 684 bytes a341ce7af9e9961d915f2b707c42c67b024a457377cc2ac203f373bd9d831b45

View changes file

Binary packages built by this source

gnupg: No summary available for gnupg in ubuntu breezy.

No description available for gnupg in ubuntu breezy.

gpgv-udeb: No summary available for gpgv-udeb in ubuntu breezy.

No description available for gpgv-udeb in ubuntu breezy.