Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7897eadf67144a237334450d05396572daa60e34.camel@debian.org>
Date: Sun, 10 Jun 2018 18:38:47 +0200
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com, marcus.brinkmann@...r-uni-bochum.de
Subject: Re: Re : Re: CVE-2018-12020 in GnuPG

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, 2018-06-10 at 10:58 -0400, Stiepan wrote:

Hi Stepian,

> This responsibility discussion is all well and fine, but now that this is
> half-public, may we know for sure whether we are affected :
> 1. as debian(-like) package consumers

Not entirely sure what you mean here, but if you're talking about the apt
package managers (which relies on gpgv for signature verification), it's
currently investigated.

Note that all supported suites have had their gnupg version updated: https://s
ecurity-tracker.debian.org/tracker/CVE-2018-12020

Regards,
- -- 
Yves-Alexis
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlsdVBcACgkQ3rYcyPpX
RFvs6wgAyOwnS9uaOmW1Qg6pM7iKDlTYVe7SteOlVn6QyAQzKhTmsazdo+xZJ6+y
Bd7BScDNRRvyTCZKtqyMvuTMCBjVoGcIQoGvrZW64X9wVCCgk/U5bpe39WwTpePZ
uScfW3MZKGOvYEKAGbC8aZDbTAkJ1D1HjOe0xVAv7Ifc0lpinYJSwQ2dEu9qDyRm
jxD9IpsZwAA2IX+yAb87ebW5Cm6ZFMoWUuj2VmE8Eth3k6wmHexLahiz/JR+qrET
+s3aRcDTae7dajEPfIWLrSnxxVYHrdYs3xiDsD4NbapJ2YACSZ/ayL8P5GWIuQZ/
tipCq/jMIikHy59/fc247FOxSgCOew==
=c5lf
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.