On Tue, 18 Oct 2022 08:59, Alessandro Vesely said:
> Debian fix kept the old version number 1.5.0-3, though:
FWIW: Debian thus misses
* Allow an OCSP server not to return the sent nonce. [rK24992a4a7a]
* Limited support for the Authenticated-Enveloped-Data content type.
[rK81fdcd680c12]
On Mon 17/Oct/2022 09:43:56 +0200 Werner Koch via Gnupg-users wrote:
How to check whether GnuPG has been fixed
~
GnuPG is the most prominent user of Libksba and it is not immediately
visible whether a fixed version of Libksba is used. To check this
__
SECURITY ADVISORY FOR LIBKSBA/GNUPG
(CVE-2022-3515)
g10 Code GmbH
__