author | Werner Koch <[email protected]> | 2006-02-14 18:39:24 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2006-02-14 18:39:24 +0000 |
commit | 820225458175ed521bd83143fe7aa176d57801e4 (patch) | |
tree | 8229b747a419b5d0cbd6d85f0af9b80f6ff8e329 /NEWS | |
parent | This commit was manufactured by cvs2svn to create tag 'V1-4-2'. (diff) | |
download | gnupg-1-4-2.tar.gz gnupg-1-4-2.zip |
Security fix (V1-4-2)
Diffstat (limited to '')
-rw-r--r-- | NEWS | 17 |
1 files changed, 16 insertions, 1 deletions
@@ -1,3 +1,18 @@ +Noteworthy changes in version 1.4.2.1 (2006-02-14) +-------------------------------------------------- + + * Security fix for a verification weakness in gpgv. Some input + could lead to gpgv exiting with 0 even if the detached signature + file did not carry any signature. This is not as fatal as it + might seem because the suggestion as always been not to rely on + th exit code but to parse the --status-fd messages. However it + is likely that gpgv is used in that simplified way and thus we + do this release. Same problem with "gpg --verify" but nobody + should have used this for signature verification without + checking the status codes anyway. Thanks to the taviso from + Gentoo for reporting this problem. + + Noteworthy changes in version 1.4.2 (2005-07-26) ------------------------------------------------ @@ -1788,7 +1803,7 @@ Noteworthy changes in version 0.2.3 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, - 2005 Free Software Foundation, Inc. + 2005, 2006 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without |
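Review bot: The new 1.4.2.1 entry in the first hunk has three wording slips that should be fixed before release: "as always been" should read "has always been", "th exit code" should read "the exit code", and "Thanks to the taviso" reads better without the article. The entry also tells users to parse the --status-fd messages instead of relying on the exit code, but it does not say which status lines indicate a valid signature. Since the text itself admits that gpgv is likely used "in that simplified way", naming the status lines to check (or pointing to the document that lists them) would let affected users correct their scripts from this note alone. It would also help to state that the problem concerns detached signature files for "gpg --verify" as well, since the sentence "Same problem with" leaves that implicit.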