Package: gnupg2
Version: 2.0.19-1
Severity: critical
Tags: security
Justification: root security hole


Hi.

This is a follow up for #697108 and CVE-2012-6085.

While it seems that all world fixes this only for gpg 1.4.x Werner's
bug entry[0,1] implies that 2.x is also affected.
Could you please have a look?


btw: Marking as root security hole, because people may use gpg2 to
e.g. manually verify packages before installing them. Yeah I know,... apt
would use gpg1 where it is already fixed. But better too high severity, than
sorry ;)


Cheers,
Chris.

[0] https://bugs.g10code.com/gnupg/issue1455
[1] https://bugs.g10code.com/gnupg/msg4493


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to