[oi-dev] [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)
mnowak at startmail.com
Sun Jun 10 08:30:13 UTC 2018
Debian Security Tracker says that Debian's v2.0.x is affected:
https://security-tracker.debian.org/tracker/CVE-2018-12020. Most likely
ours is as well. There are two ways forward. Bumping our GnuPG to 2.2.8,
or rebase our current stream to Debian jessie v2.0.26-6+deb8u2.
On 06/09/18 08:56 PM, Andreas Wacknitz wrote:
> Hi all,
> I just saw that GnuPG announced the new version 2.2.8
> I am not sure whether our GnuPG 2.0.30 is effected by this vulnerability.
> According to https://www.gnupg.org/download 2.0.x is eol'd 31.12.2017.
> So, do we need a new GnuPG?
> oi-dev mailing list
> oi-dev at openindiana.org
More information about the oi-dev