Re: [oi-dev] [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

[Michal Nowak]

Debian Security Tracker says that Debian's v2.0.x is affected: 
https://security-tracker.debian.org/tracker/CVE-2018-12020. Most likely 
ours is as well. There are two ways forward. Bumping our GnuPG to 2.2.8, 
or rebase our current stream to Debian jessie v2.0.26-6+deb8u2.


Michal

On 06/09/18 08:56 PM, Andreas Wacknitz wrote:

Hi all,

I just saw that GnuPG announced the new version 2.2.8
(https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html).
I am not sure whether our GnuPG 2.0.30 is effected by this vulnerability.
According to https://www.gnupg.org/download 2.0.x is eol'd 31.12.2017.
So, do we need a new GnuPG?

Regards,
Andreas


___
oi-dev mailing list
oi-dev@openindiana.org
https://openindiana.org/mailman/listinfo/oi-dev



___
oi-dev mailing list
oi-dev@openindiana.org
https://openindiana.org/mailman/listinfo/oi-dev

[oi-dev] [Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

[Andreas Wacknitz]

Hi all,

I just saw that GnuPG announced the new version 2.2.8
(https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html).
I am not sure whether our GnuPG 2.0.30 is effected by this vulnerability.
According to https://www.gnupg.org/download 2.0.x is eol'd 31.12.2017.
So, do we need a new GnuPG?

Regards,
Andreas
___
oi-dev mailing list
oi-dev@openindiana.org
https://openindiana.org/mailman/listinfo/oi-dev