-
gnupg (1.4.6-2ubuntu3~feisty1) feisty-backports; urgency=low
* Feisty backport
-- Jonathan Riddell <email address hidden> Thu, 2 Aug 2007 09:40:55 +0000
-
gnupg (1.4.6-1ubuntu2) feisty; urgency=low
* SECURITY UPDATE: without --status-fd, forged inline sigs can appear valid.
* debian/patches/50_stop_multiple_messages.dpatch: upstream patch.
* References
ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch
CVE-2007-1263
-- Kees Cook <email address hidden> Wed, 7 Mar 2007 11:53:20 -0800
-
gnupg (1.4.6-1ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
- config.h.in: Disable mlock() test since it fails with ulimit 0 (on
buildds).
- debian/rules:
+ Do not install gpg as suid root, since that is not necessary with
kernels 2.6.8+.
+ Make the build fail if the test suite fails.

gnupg (1.4.6-1) unstable; urgency=high
* New upstream release.
* Fixes remotely controllable function pointer [CVE-2006-6235]
* 27_filename_overflow.dpatch: merged upstream, dropped.
* 24_gpgv_manpage_cleanup.dpatch: updated and a couple of additional
trivial fixes.
* debian/rules (binary-arch): info copy of manuals moved to
/usr/share/info - remove them there instead. Manuals are now built
from texi source, so install them from build tree, not top level.
* debian/copyright: update to add OpenSSL exemption for keyserver helper
tools.
-- Kees Cook <email address hidden> Tue, 12 Dec 2006 15:56:56 -0800
-
gnupg (1.4.5-3ubuntu2) feisty; urgency=low
* SECURITY UPDATE: unwound stack data use, leading to arbitrary code
execution.
* Add debian/patches/29_dxf_context_stack.dpatch: upstream patch, use heap
for allocation instead.
* References
CVE-2006-6235
-- Kees Cook <email address hidden> Wed, 6 Dec 2006 11:46:44 -0800
-
gnupg (1.4.5-3ubuntu1) feisty; urgency=low
* Merge to Debian unstable. Remaining Ubuntu changes:
- config.h.in: Disable mlock() test since it fails with ulimit 0 (on
buildds).
- debian/rules:
+ Do not install gpg as suid root, since that is not necessary with
kernels 2.6.8+.
+ Make the build fail if the test suite fails.

gnupg (1.4.5-3) unstable; urgency=high
* 27_filename_overflow.dpatch: new patch from upstream to fix buffer
overflow in ask_outfile_name().
-- Martin Pitt <email address hidden> Tue, 28 Nov 2006 19:06:47 +0100
-
gnupg (1.4.5-2ubuntu1) feisty; urgency=low
* Merge to Debian unstable. Remaining Ubuntu changes:
- config.h.in: Disable mlock() test since it fails with ulimit 0 (on
buildds).
- debian/rules:
+ Do not install gpg as suid root, since that is not necessary with
kernels 2.6.8+.
+ Make the build fail if the test suite fails.

gnupg (1.4.5-2) unstable; urgency=low
* debian/control: add gpgv package. Make gnupg package depend on it.
* debian/rules (binary-arch): add support for building gpgv package.
Adapt gnupg package creation accordingly.
* debian/rules (clean): clean gpgv package temporary directory.

gnupg (1.4.5-1) unstable; urgency=low
* New upstream release.
* 23_getkey_utf8_userid.dpatch: superseded by different fix upstream,
dropped.
* 26_user_id_overflow.dpatch: merged upstream, dropped.
* 25_de.po_fixes.dpatch: updated.
* debian/copyright: update FSF address.
* debian/changelog: convert to UTF-8.
* debian/control (Standards-Version): bump to 3.7.2.1.
-- Martin Pitt <email address hidden> Fri, 3 Nov 2006 09:18:26 +0100
-
gnupg (1.4.3-2ubuntu3) edgy; urgency=low
* SECURITY UPDATE: Local arbitrary code execution.
* Add debian/patches/27_comment_control_overflow.dpatch:
- Fix buffer overflows in parse_comment() and parse_gpg_control().
- Patch extracted from stable 1.4.5 release.
- Reproducer:
perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor
- Credit: Evgeny Legerov
- CVE-2006-3746
-- Martin Pitt <email address hidden> Thu, 3 Aug 2006 08:11:46 +0200