[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora Core 6 Test Update: gnupg-1.4.7-2



---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2007-315
2007-03-06
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : gnupg
Version     : 1.4.7
Release     : 2
Summary     : A GNU utility for secure communication and data storage.
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).

---------------------------------------------------------------------
Update Information:

This updates GnuPG to version 1.4.7, changing the default
behavior so that gnupg now flags message streams which
contain multiple plaintexts as an error. This prevents
errors which would occur when applications which called
gnupg assumed that this was already the default behavior.

Absent new bug reports, this package will be moved from
Testing to Final on or about 7 March 2007.
---------------------------------------------------------------------
* Mon Mar  5 2007 Nalin Dahyabhai <nalin redhat com> - 1.4.7-2
- update to 1.4.7, changing the default to not allow multiple plaintexts in
  a single stream
* Wed Dec  6 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.6-2
- rebuild
* Wed Dec  6 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.6-1
- update to 1.4.6, incorporating fixes for CVE-2006-6169 and CVE-2006-6235
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-13
- apply the termlib patch again
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-12
- don't apply the non-security termlib patch
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-11
- rebuild
* Tue Dec  5 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-10
- incorporate patch from Werner to fix use of stack variable after it goes
  out of scope (CVE-2006-6235, #218483)
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-9
- rebuild
- give configure a --with-termlib option which can be used to force the
  selection of libtermcap or libncurses, but don't flip the switch yet
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-8
- rebuild
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-7
- rebuild
* Fri Dec  1 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-6
- add patch for overflow in openfile.c from Werner's mail
  (CVE-2006-6169, #218506)
* Tue Oct 31 2006 Nalin Dahyabhai <nalin redhat com> - 1.4.5-5
- rebuild against current libcurl

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/6/

43bda6d08314af30fb40f3875c3d6b1d81b3847e  SRPMS/gnupg-1.4.7-2.src.rpm
43bda6d08314af30fb40f3875c3d6b1d81b3847e  noarch/gnupg-1.4.7-2.src.rpm
704742fb2d118c9a33a8f72fa7138d3f7e10da47  ppc/gnupg-1.4.7-2.ppc.rpm
39bd96abbfa5489a2c94857c9de936a4f68959bd  ppc/debug/gnupg-debuginfo-1.4.7-2.ppc.rpm
794facf78dda77eebd54b9a82b80a46be8c0e86b  x86_64/gnupg-1.4.7-2.x86_64.rpm
77dadcccb58277430d0454973a1925201bb640e0  x86_64/debug/gnupg-debuginfo-1.4.7-2.x86_64.rpm
eaa0d62a756ac8478bb56ece1b9cf2ecfc64e5d0  i386/gnupg-1.4.7-2.i386.rpm
48fd10092f177cfd1cf20e2dfa3ca698ecabb3aa  i386/debug/gnupg-debuginfo-1.4.7-2.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]