[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora Core 5 Update: gnupg-1.4.7-1



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-316
2007-03-12
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : gnupg
Version     : 1.4.7
Release     : 1
Summary     : A GNU utility for secure communication and data storage.
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).

---------------------------------------------------------------------
Update Information:

This updates GnuPG to version 1.4.7, changing the default
behavior so that gnupg now flags message streams which
contain multiple plaintexts as an error.  This prevents
errors which would occur when applications which called
gnupg assumed that this was already the default behavior.
---------------------------------------------------------------------
* Mon Mar  5 2007 Nalin Dahyabhai <nalin redhat com> - 1.4.7-1
- update to 1.4.7, changing the default to not allow multiple plaintexts in
  a single stream
* Wed Dec  6 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.6-1
- update to 1.4.6, incorporating fixes for CVE-2006-6169 and CVE-2006-6235
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-13
- apply the termlib patch again
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-12
- don't apply the non-security termlib patch
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-11
- rebuild
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-10
- incorporate patch from Werner to fix use of stack variable after it goes
  out of scope (CVE-2006-6235, #218483)
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-9
- rebuild
- give configure a --with-termlib option which can be used to force the
  selection of libtermcap or libncurses, but don't flip the switch yet
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-8
- rebuild
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-7
- rebuild
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-6
- add patch for overflow in openfile.c from Werner's mail
  (CVE-2006-6169, #218506)
* Tue Oct 31 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-5
- rebuild against current libcurl
* Fri Aug 18 2006 Jesse Keating <jkeating redhat com> - 1.4.5-4
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
  (#203001)
* Tue Aug  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-3
- rebuild
* Tue Aug  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-2
- rebuild
- reenable curl support
* Tue Aug  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-1
- update to 1.4.5, fixing additional size overflows in packet parsing (#200904,
  CVE-2006-3746)
- temporarily disable curl support again
* Fri Jul 28 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4.90-1
- update to 1.4.5rc1 to check for build problems, but mark it as 1.4.4.90
  to avoid looking "newer" than the eventual 1.4.5
- because we call aclocal, buildrequire gettext-devel to get AM_GNU_GETTEXT
* Thu Jul 20 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-7
- add BuildPrereq on curl-devel to get curl's ipv6 support (#198375)
* Wed Jul 12 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-6
- fix a cast in gpgkeys_hkp to avoid tripping stack smashing or buffer overflow
  detection (#198612)
* Wed Jul 12 2006 Jesse Keating <jkeating redhat com> - 1.4.4-5.1
- rebuild
* Wed Jul  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-5
- try again using per-platform buildprereq (jkeating)
* Wed Jul  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-4
- buildprereq libusb-devel, so that we get CCID support back (#197450)
* Mon Jun 26 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-3
- rebuild
* Mon Jun 26 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-2
- rebuild
* Mon Jun 26 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.4-1
- update to 1.4.4
* Tue Jun 20 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.3-5
- rebuild
* Tue Jun 20 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.3-4
- add patch from upstream to fix CVE-2006-3082 (#195946)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

ae0d0549217a46cd21228d78dcce76de79ed7642  SRPMS/gnupg-1.4.7-1.src.rpm
ae0d0549217a46cd21228d78dcce76de79ed7642  noarch/gnupg-1.4.7-1.src.rpm
20c068e0ff52ac816569083dcf6a45d308802730  ppc/debug/gnupg-debuginfo-1.4.7-1.ppc.rpm
ccefce67bdd00bb7562dce06ab9d4a582e0605ff  ppc/gnupg-1.4.7-1.ppc.rpm
8b1540660442b83668f1c666b08f0e777da9e200  x86_64/gnupg-1.4.7-1.x86_64.rpm
9008faa7b46740402c2e094eb4dbc135cf7683c2  x86_64/debug/gnupg-debuginfo-1.4.7-1.x86_64.rpm
a5b394925c749ca2ed120c556f41fe6d181a7ddd  i386/debug/gnupg-debuginfo-1.4.7-1.i386.rpm
3c3d7a9bc20d928dbf89cdb46f30dba90432813b  i386/gnupg-1.4.7-1.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]