On Sat, Oct 05, 2013 at 10:46:39AM +0200, Werner Koch wrote: > We are pleased to announce the availability of a new stable GnuPG-2 > release: Version 2.0.22. This is a *security fix* release and all > users are advised to updated to this version. See below for the > impact of the problem. > > [[ snip snip ]] > > What's New in 2.0.22 > ==================== > > * Fixed possible infinite recursion in the compressed packet > parser. [CVE-2013-4402]
Does libgpg-error need updating as well? According to https://bugzilla.redhat.com/show_bug.cgi?id=1015685 and https://lwn.net/Articles/571943/ there is some indication of this but looking at the changes between 1.10 and 1.11, I see nothing to indicate an update to libgpg-error is necessary. -- albert chin ([email protected]) _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
