As far as I know, the Ubuntu advisory reported was limited because early
versions of Ubuntu through Dapper used GnuPG 1.2 - 1.4. The vulnerability
in question only affects GnuPG packages >= 1.4.2.1.

Please see the vulnerability report here:

http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html

The current version Arch currently has is not vulnerable to this attack.

Not to say that being uber-bleeding edge would be nice. In fact, here's
a PKGBUILD for you if you want to branch out to the bleeding edge.

# $Id: PKGBUILD,v 1.26 2006/03/15 05:58:41 tpowa Exp $
# Maintainer: dorphell <[EMAIL PROTECTED]>
# Committer: Judd Vinet <[EMAIL PROTECTED]>
pkgname=gnupg
pkgver=1.4.3
pkgrel=1
pkgdesc="GNU Privacy Guard - a PGP replacement tool"
depends=('zlib' 'bzip2' 'openldap' 'libusb')
source=(ftp://ftp.gnupg.org/GnuPG/gnupg/$pkgname-$pkgver.tar.gz)
url="http://www.gnupg.org/"
md5sums=('fcdf572a33dd037653707b128dd150a7')

build() {
  cd $startdir/src/$pkgname-$pkgver
  ./configure --prefix=/usr
  make || return 1
  ln -s $pkgname-$pkgver/scripts ..
  make DESTDIR=$startdir/pkg install
}

Cheers,
-James



On Thu, 2006-04-06 at 22:15 +0300, Hussam Al-Tayeb wrote:
> archlinux's current version of gnupg is 1.4.2.2
> I read here about a security issue with gnupg 
> http://ubuntuforums.org/showthread.php?t=154919
> Is the archlinux package affected? If so, should we upgrade to gnupg 1.4.3?
> 
> _______________________________________________
> arch mailing list
> [email protected]
> http://www.archlinux.org/mailman/listinfo/arch
-- 
-------------------------
James Fryman
E-Mail : [EMAIL PROTECTED]
Cell   : 757.812.3126
GnuPG  : 0xDAE2C750
