[Announce] [security fix] GnuPG 2.0.22 released
Albert Chin
gnupg-users at mlists.thewrittenword.com
Tue Mar 11 19:30:24 CET 2014
On Sat, Oct 05, 2013 at 10:46:39AM +0200, Werner Koch wrote:
> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.22. This is a *security fix* release and all
> users are advised to updated to this version. See below for the
> impact of the problem.
>
> [[ snip snip ]]
>
> What's New in 2.0.22
> ====================
>
> * Fixed possible infinite recursion in the compressed packet
> parser. [CVE-2013-4402]
Does libgpg-error need updating as well? According to
https://bugzilla.redhat.com/show_bug.cgi?id=1015685 and
https://lwn.net/Articles/571943/ there is some indication of this but
looking at the changes between 1.10 and 1.11, I see nothing to
indicate an update to libgpg-error is necessary.
--
albert chin (china at thewrittenword.com)
More information about the Gnupg-users
mailing list