OESF Portables Forum
Everything Else => Zaurus Distro Support and Discussion => Distros, Development, and Model Specific Forums => Archived Forums => Angstrom & OpenZaurus => Topic started by: Storm on March 10, 2006, 12:21:30 am
-
Hi all,
For the developers, when time permits, I would like to request the upgrade of gnupg to 1.4.2.2, due to a recently announced vulnerability (http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html) in versions of gpg older than this.
In a nutshell, an attacker could insert arbitrary data into a non-detached signature, which gnupg would then report as a good sig.
I need to find a place where I can install a build environment, else I would have a go at compiling it. If time permits, I will try to find place to set this up...
--Storm