[SECURITY] Fedora Core 5 Test Update: gnupg-1.4.5-2
Nalin Dahyabhai
nalin at redhat.com
Tue Aug 1 18:47:50 UTC 2006
---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2006-868
2006-08-01
---------------------------------------------------------------------
Product : Fedora Core 5
Name : gnupg
Version : 1.4.5
Release : 2
Summary : A GNU utility for secure communication and data storage.
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).
---------------------------------------------------------------------
Update Information:
This update upgrades GnuPG to version 1.4.5 to correct
errors in the parsing of certain types of packets. Absent
new bug reports, it will be moved from testing to final on
or around 2 August 2006.
---------------------------------------------------------------------
* Tue Aug 1 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.5-2
- rebuild
- reenable curl support
* Tue Aug 1 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.5-1
- update to 1.4.5, fixing additional size overflows in packet parsing (#200904,
CVE-2006-3746)
- temporarily disable curl support again
* Fri Jul 28 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.4.90-1
- update to 1.4.5rc1 to check for build problems, but mark it as 1.4.4.90
to avoid looking "newer" than the eventual 1.4.5
- because we call aclocal, buildrequire gettext-devel to get AM_GNU_GETTEXT
* Thu Jul 20 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.4-7
- add BuildPrereq on curl-devel to get curl's ipv6 support (#198375)
* Wed Jul 12 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.4-6
- fix a cast in gpgkeys_hkp to avoid tripping stack smashing or buffer overflow
detection (#198612)
* Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 1.4.4-5.1
- rebuild
* Wed Jul 5 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.4-5
- try again using per-platform buildprereq (jkeating)
* Wed Jul 5 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.4-4
- buildprereq libusb-devel, so that we get CCID support back (#197450)
* Mon Jun 26 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.4-3
- rebuild
* Mon Jun 26 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.4-2
- rebuild
* Mon Jun 26 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.4-1
- update to 1.4.4
* Tue Jun 20 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.3-5
- rebuild
* Tue Jun 20 2006 Nalin Dahyabhai <nalin at redhat.com> - 1.4.3-4
- add patch from upstream to fix CVE-2006-3082 (#195946)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/
ee5b0ceba78baaa484e34b6c7f3211a6d479a192 SRPMS/gnupg-1.4.5-2.src.rpm
ee5b0ceba78baaa484e34b6c7f3211a6d479a192 noarch/gnupg-1.4.5-2.src.rpm
5c23d2c2cbf5b71ec397cef7bf2ac73586187bde ppc/debug/gnupg-debuginfo-1.4.5-2.ppc.rpm
91beac48f363d0fd61835cc720945b4c5f79ad24 ppc/gnupg-1.4.5-2.ppc.rpm
ba88bf318e75077e82f13a24594256c78c41e351 x86_64/gnupg-1.4.5-2.x86_64.rpm
7c2dd7e6248d1d9540f1d4dd38266f9c621fe7da x86_64/debug/gnupg-debuginfo-1.4.5-2.x86_64.rpm
f1c351fb0add0314be57e9c3c754f8fc465c9f2c i386/debug/gnupg-debuginfo-1.4.5-2.i386.rpm
9090f832583b2506a4223b143fd30505b08cad9f i386/gnupg-1.4.5-2.i386.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
More information about the fedora-test-list
mailing list