gnupg2 2.2.8-3ubuntu1.1 source package in Ubuntu

Changelog

gnupg2 (2.2.8-3ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: CSRF in dirmngr
    - debian/patches/CVE-2018-1000858.patch: don't follow a redirect in
      dirmngr/Makefile.am, dirmngr/http.c, dirmngr/http.h,
      dirmngr/ks-engine-hkp.c, dirmngr/ks-engine-http.c,
      dirmngr/t-http-basic.c, dirmngr/t-http.c.
    - CVE-2018-1000858

 -- Marc Deslauriers <email address hidden>  Thu, 10 Jan 2019 08:01:09 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2019-01-10
Uploaded to:
Cosmic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Cosmic updates on 2019-01-10 main utils
Cosmic security on 2019-01-10 main utils

Downloads

File Size SHA-256 Checksum
gnupg2_2.2.8.orig.tar.bz2 6.3 MiB 777b4cb8ced21965a5053d4fa20fe11484f0a478f3d011cef508a1a49db50dcd
gnupg2_2.2.8-3ubuntu1.1.debian.tar.bz2 75.0 KiB 32700406fe1afef4b16450095abf2fa83918a55c2a2c7bfaeee2a0d6eb3047d7
gnupg2_2.2.8-3ubuntu1.1.dsc 3.5 KiB 47b22310816846275ab6add391723f7f198a95af9d464b4af8bae95c3a617e30

Available diffs

  • diff from 2.2.8-1ubuntu1 to 2.2.8-3ubuntu1.1 (pending)

View changes file

Binary packages built by this source

dirmngr: GNU privacy guard - network certificate management service

 dirmngr is a server for managing and downloading OpenPGP and X.509
 certificates, as well as updates and status signals related to those
 certificates. For OpenPGP, this means pulling from the public
 HKP/HKPS keyservers, or from LDAP servers. For X.509 this includes
 Certificate Revocation Lists (CRLs) and Online Certificate Status
 Protocol updates (OCSP). It is capable of using tor for network
 access.
 .
 dirmngr is used for network access by gpg, gpgsm, and dirmngr-client,
 among other tools. Unless this package is installed, the parts of
 the GnuPG suite that try to interact with the network will fail.

dirmngr-dbgsym: debug symbols for dirmngr
gnupg: GNU privacy guard - a free PGP replacement

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains the full suite of GnuPG tools for cryptographic
 communications and data storage.

gnupg-agent: GNU privacy guard - cryptographic agent (dummy transitional package)

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This is a dummy transitional package; please use gpg-agent instead.

gnupg-l10n: GNU privacy guard - localization files

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This package contains the translation files for the use of GnuPG in
 non-English locales.

gnupg-utils: GNU privacy guard - utility programs

 GnuPG is GNU's tool for secure communication and data storage.
 .
 This package contains several useful utilities for manipulating
 OpenPGP data and other related cryptographic elements. It includes:
 .
  * addgnupghome -- create .gnupg home directories
  * applygnupgdefaults -- run gpgconf --apply-defaults for all users
  * gpgcompose -- an experimental tool for constructing arbitrary
                  sequences of OpenPGP packets (e.g. for testing)
  * gpgparsemail -- parse an e-mail message into annotated format
  * gpgsplit -- split a sequence of OpenPGP packets into files
  * gpg-zip -- encrypt or sign files in an archive
  * kbxutil -- list, export, import Keybox data
  * lspgpot -- convert PGP ownertrust values to GnuPG
  * migrate-pubring-from-classic-gpg -- use only "modern" formats
  * symcryptrun -- use simple symmetric encryption tool in GnuPG framework
  * watchgnupg -- watch socket-based logs

gnupg-utils-dbgsym: debug symbols for gnupg-utils
gnupg2: GNU privacy guard - a free PGP replacement (dummy transitional package)

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This is a dummy transitional package that provides symlinks from gpg2
 to gpg.

gpg: GNU Privacy Guard -- minimalist public key operations

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains /usr/bin/gpg itself, and is useful on its own
 only for public key operations (encryption, signature verification,
 listing OpenPGP certificates, etc). If you want full capabilities
 (including secret key operations, network access, etc), please
 install the "gnupg" package, which pulls in the full suite of tools.

gpg-agent: GNU privacy guard - cryptographic agent

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains the agent program gpg-agent which handles all
 secret key material for OpenPGP and S/MIME use. The agent also
 provides a passphrase cache, which is used by pre-2.1 versions of
 GnuPG for OpenPGP operations. Without this package, trying to do
 secret-key operations with any part of the modern GnuPG suite will
 fail.

gpg-agent-dbgsym: debug symbols for gpg-agent
gpg-dbgsym: debug symbols for gpg
gpg-wks-client: GNU privacy guard - Web Key Service client

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package provides the GnuPG client for the Web Key Service
 protocol.
 .
 A Web Key Service is a service that allows users to upload keys per
 mail to be verified over https as described in
 https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
 .
 For more information see: https://wiki.gnupg.org/WKS

gpg-wks-client-dbgsym: debug symbols for gpg-wks-client
gpg-wks-server: GNU privacy guard - Web Key Service server

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package provides the GnuPG server for the Web Key Service
 protocol.
 .
 A Web Key Service is a service that allows users to upload keys per
 mail to be verified over https as described in
 https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
 .
 For more information see: https://wiki.gnupg.org/WKS

gpg-wks-server-dbgsym: debug symbols for gpg-wks-server
gpgconf: GNU privacy guard - core configuration utilities

 GnuPG is GNU's tool for secure communication and data storage.
 .
 This package contains core utilities used by different tools in the
 suite offered by GnuPG. It can be used to programmatically edit
 config files for tools in the GnuPG suite, to launch or terminate
 per-user daemons (if installed), etc.

gpgconf-dbgsym: debug symbols for gpgconf
gpgsm: GNU privacy guard - S/MIME version

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains the gpgsm program. gpgsm is a tool to provide
 digital encryption and signing services on X.509 certificates and the
 CMS protocol. gpgsm includes complete certificate management.

gpgsm-dbgsym: debug symbols for gpgsm
gpgv: GNU privacy guard - signature verification tool

 GnuPG is GNU's tool for secure communication and data storage.
 .
 gpgv is actually a stripped-down version of gpg which is only able
 to check signatures. It is somewhat smaller than the fully-blown gpg
 and uses a different (and simpler) way to check that the public keys
 used to make the signature are valid. There are no configuration
 files and only a few options are implemented.

gpgv-dbgsym: debug symbols for gpgv
gpgv-static: minimal signature verification tool (static build)

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This is GnuPG's signature verification tool, gpgv, built statically
 so that it can be directly used on any platform that is running on
 the Linux kernel. Android and ChromeOS are two well known examples,
 but there are many other platforms that this will work for, like
 embedded Linux OSes. This gpgv in combination with debootstrap and
 the Debian archive keyring allows the secure creation of chroot
 installs on these platforms by using the full Debian signature
 verification that is present in all official Debian mirrors.

gpgv-static-dbgsym: debug symbols for gpgv-static
gpgv-udeb: minimal signature verification tool

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This is GnuPG's signature verification tool, gpgv, packaged in minimal
 form for use in debian-installer.

gpgv-win32: GNU privacy guard - signature verification tool (win32 build)

 GnuPG is GNU's tool for secure communication and data storage.
 .
 gpgv is a stripped-down version of gnupg which is only able to check
 signatures. It is smaller than the full-blown gnupg and uses a
 different (and simpler) way to check that the public keys used to
 make the signature are trustworthy.
 .
 This is a win32 version of gpgv. It's meant to be used by the win32-loader
 component of Debian-Installer.

gpgv2: GNU privacy guard - signature verification tool (dummy transitional package)

 GnuPG is GNU's tool for secure communication and data storage. gpgv
 is a stripped-down version of gpg which is only able to check
 signatures.
 .
 This is a dummy transitional package that provides symlinks from gpgv2
 to gpgv.

scdaemon: GNU privacy guard - smart card support

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains the smart card program scdaemon, which is used
 by gpg-agent to access OpenPGP smart cards.

scdaemon-dbgsym: debug symbols for scdaemon