Package: gnupg
Version: 1.4.1-1.sarge5
Severity: grave
Justification: Introduces security hole
Tags: security, sarge

Hi,

in Sid, CVE-2006-6169 has been fixed with 1.4.5-3, but 1.4.1-1.sarge5
from Sarge is still missing the fix and therefore vulnerable.

Details:

http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html
https://bugs.g10code.com/gnupg/issue728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
http://packages.qa.debian.org/g/gnupg/news/20061127T220204Z.html

(Thanks to aba for pointing me to the right patch in the Sid version. :-)

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.33.2-1-dphys-k8-smp-64gb
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages gnupg depends on:
ii  devfsd        1.3.25-19            Daemon for the device file system
ii  libbz2-1.0    1.0.2-7              high-quality block-sorting file co
ii  libc6         2.3.2.ds1-22sarge4   GNU C Library: Shared libraries an
ii  libldap2      2.1.30-8             OpenLDAP libraries
ii  libreadline5  5.0-10               GNU readline and history libraries
ii  libusb-0.1-4  2:0.1.10a-9.sarge.1  userspace USB programming library
ii  makedev       2.3.1-77             creates device files in /dev
ii  zlib1g        1:1.2.2-4.sarge.2    compression library - runtime

-- no debconf information