Hi all,
For the developers, when time permits, I would like to request the upgrade of gnupg to 1.4.2.2, due to a recently announced
vulnerability in versions of gpg older than this.
In a nutshell, an attacker could insert arbitrary data into a non-detached signature, which gnupg would then report as a good sig.
I need to find a place where I can install a build environment, else I would have a go at compiling it. If time permits, I will try to find place to set this up...
--Storm
