Package: gnupg2 Version: 2.0.19-1 Severity: critical Tags: security Justification: root security hole
Hi. This is a follow up for #697108 and CVE-2012-6085. While it seems that all world fixes this only for gpg 1.4.x Werner's bug entry[0,1] implies that 2.x is also affected. Could you please have a look? btw: Marking as root security hole, because people may use gpg2 to e.g. manually verify packages before installing them. Yeah I know,... apt would use gpg1 where it is already fixed. But better too high severity, than sorry ;) Cheers, Chris. [0] https://bugs.g10code.com/gnupg/issue1455 [1] https://bugs.g10code.com/gnupg/msg4493 _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
