Summary: | <app-crypt/gnupg-2.1.2: Multiple vulnerabilities (CVE-2015-{1606,1607}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alonbl, crypto+disabled, hanno |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/oss-sec/2015/q1/551 | ||
Whiteboard: | A3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 552936 | ||
Bug Blocks: |
Description
Kristian Fiskerstrand (RETIRED)
2015-02-13 20:52:28 UTC
All issues were fixed in v2.1.2 which appeared in Gentoo via https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-crypt/gnupg/gnupg-2.1.2.ebuild?hideattic=0&view=log This issue is likely fixed in 2.0.27 (https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html) and 1.4.19 (https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html), but 2.0 series is anyways on its way out in bug 606604 - 1.4 however will remain in tree for the foreseeable future Cleaned. GLSA Vote: No Arches and Maintainer(s), Thank you for your work. |