Debian Packages for [CVE-2022-3515] GnuPG / Libksba Security Advisory
Bernhard Reiter
bernhard at intevation.de
Tue Oct 25 09:24:16 CEST 2022
Am Dienstag 18 Oktober 2022 09:55:12 schrieb Werner Koch via Gnupg-users:
> On Tue, 18 Oct 2022 08:59, Alessandro Vesely said:
> > > If you see a version number of 1.6.2 or newer, you got the fix.
> > Debian fix kept the old version number 1.5.0-3, though:
The libksba8 debian packages for Buster and Bullseye are
1.3.5-2+deb10u1
1.5.0-3+deb11u1
and yes, the proposed check with gpgconf --show-versions
is not a test for Debian, check the package version instead.
> FWIW: Debian thus misses
For the upcoming version Debian of course has
1.6.2-3 and thus gets the new features.
Thanks to the maintainers (Andres Metzler and Markus Koschany
did the uploads). *wave*
See https://security-tracker.debian.org/tracker/CVE-2022-3515
It seems Debian was quite fast to react. :)
Regards,
Bernhard
--
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20221025/29927219/attachment.sig>
More information about the Gnupg-users
mailing list