[website] r1507 - in html/trunk/blfs/errata: 9.0 9.0-systemd

Tue, 26 Nov 2019 11:03:21 -0800 

Author: renodr
Date: Tue Nov 26 11:02:43 2019
New Revision: 1507

Log:
Add errata for GnuPG CVE-2019-14855

Modified:
   html/trunk/blfs/errata/9.0-systemd/index.html
   html/trunk/blfs/errata/9.0/index.html

Modified: html/trunk/blfs/errata/9.0-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0-systemd/index.html       Mon Nov 25 21:26:01 
2019        (r1506)
+++ html/trunk/blfs/errata/9.0-systemd/index.html       Tue Nov 26 11:02:43 
2019        (r1507)
@@ -134,6 +134,13 @@
      the instructions in
      <a href="../../view/systemd/postlfs/nss.html">NSS-3.47.1</a>.</p>
 
+     <p>After release, a security flaw was discovered in the way that SHA-1
+     signatures are used in GnuPG. The SHA-1 support has been removed from
+     the "Web of Trust". Please update to GnuPG-2.2.18 or later using the
+     instructions in
+     <a href="../../view/systemd/postlfs/gnupg.html">GnuPG-2.2.18</a> if you
+     wish to still continue using GnuPG if you have a SHA-1 signature.</p>
+
      <h2>Known Security Vulnerabilities</h2>
      
      <p>A few packages are good at reporting that a new

Modified: html/trunk/blfs/errata/9.0/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0/index.html       Mon Nov 25 21:26:01 2019        
(r1506)
+++ html/trunk/blfs/errata/9.0/index.html       Tue Nov 26 11:02:43 2019        
(r1507)
@@ -139,6 +139,13 @@
      the instructions in
      <a href="../../view/svn/postlfs/nss.html">NSS-3.47.1</a>.</p>
 
+     <p>After release, a security flaw was discovered in the way that SHA-1
+     signatures are used in GnuPG. The SHA-1 support has been removed from
+     the "Web of Trust". Please update to GnuPG-2.2.18 or later using the
+     instructions in
+     <a href="../../view/svn/postlfs/gnupg.html">GnuPG-2.2.18</a> if you
+     wish to still continue using GnuPG if you have a SHA-1 signature.</p>
+
 <!--
      <p>A vulnerability with available exploits in all recent versions of
      ghostscript has been fixed in the development book by patching gs-9.25.
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to