[oi-dev] [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)
Michal Nowak
mnowak at startmail.com
Sun Jun 10 08:30:13 UTC 2018
Debian Security Tracker says that Debian's v2.0.x is affected:
https://security-tracker.debian.org/tracker/CVE-2018-12020. Most likely
ours is as well. There are two ways forward. Bumping our GnuPG to 2.2.8,
or rebase our current stream to Debian jessie v2.0.26-6+deb8u2.
Michal
On 06/09/18 08:56 PM, Andreas Wacknitz wrote:
> Hi all,
>
> I just saw that GnuPG announced the new version 2.2.8
> (https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html).
> I am not sure whether our GnuPG 2.0.30 is effected by this vulnerability.
> According to https://www.gnupg.org/download 2.0.x is eol'd 31.12.2017.
> So, do we need a new GnuPG?
>
> Regards,
> Andreas
>
>
> _______________________________________________
> oi-dev mailing list
> oi-dev at openindiana.org
> https://openindiana.org/mailman/listinfo/oi-dev
>
More information about the oi-dev
mailing list