[Announce] [security] GPGME 1.5.1 and 1.4.4 released
Werner Koch
wk at gnupg.org
Thu Aug 7 17:08:49 CEST 2014
Hello!
I am pleased to announce version 1.5.1 of GPGME.
GnuPG Made Easy (GPGME) is a C language library that allows to add
support for cryptography to a program. It is designed to make access
to public key crypto engines as included in GnuPG easier for
applications. GPGME provides a high-level crypto API for encryption,
decryption, signing, signature verification, and key management.
This is a security fix release and it is suggested to update to this
version. Given that the 1.5 versions are quite new and implement
features which may raise problems with some software, I also released
version 1.4.4 with backported fixes.
* Noteworthy changes in version 1.5.1 (2014-07-30)
- Fixed possible overflow in gpgsm and uiserver engines.
[CVE-2014-3564]
- Added support for GnuPG 2.1's --with-secret option.
- Interface changes relative to the 1.5.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPGME_KEYLIST_MODE_WITH_SECRET NEW.
* Noteworthy changes in version 1.4.4 (2014-07-30)
- Fixed possible overflow in gpgsm and uiserver engines.
[CVE-2014-3564]
- Fixed possibled segv in gpgme_op_card_edit.
- Fixed minor memleaks and possible zombie processes.
- Fixed prototype inconsistencies and void pointer arithmetic.
* Download
You may download version 1.5.1 from:
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.5.1.tar.bz2 (943k)
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.5.1.tar.bz2.sig
You may download version 1.4.4 from:
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.4.4.tar.bz2 (936k)
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.4.4.tar.bz2.sig
SHA-1 checksums are:
a91c258e79acf30ec86a667e07f835e5e79342d8 gpgme-1.5.1.tar.bz2
1f9f668886c25467987a11c0d37c45e1ffe66b8e gpgme-1.4.4.tar.bz2
* Support
Please send questions regarding the use of GPGME to the gnupg-devel
mailing list:
https://lists.gnupg.org/mailman/listinfo/gnupg-devel/
If you need commercial support, you may want to consult this listing:
https://www.gnupg.org/service.html
The driving force behind the development of the GnuPG system is my
company g10 Code. Maintenance and improvement of GnuPG and related
software takes up most of our resources. To allow us to continue our
work on free software, we ask to either purchase a support contract,
engage us for custom enhancements, or to donate money:
https://gnupg.org/donate/
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: </pipermail/attachments/20140807/4a4a7b4a/attachment.sig>
More information about the Gnupg-announce
mailing list