v0.3.2 fixes the setuid hole

Werner Koch wk at isil.d.shuttle.de
Thu Jul 9 17:17:11 CEST 1998


Please get the new release from 


or the diff 


you may also use the mirrors.

It was possible to become root by using --version and a malicious
extension module.  I fixed this and added a sentinel just before the 
dlopen() which checks that we are not setuid anymore.

Noteworthy changes in version 0.3.2
    * Fixed some bugs when using --textmode (-seat)

    * Now displays the trust status of a positive verified message.

    * Keyrings are now scanned in the sequence they are added with
      --[secret-]keyring.  Note that the default keyring is implicitly
      added as the very first one unless --no-default-keyring is used.

    * Fixed setuid and dlopen bug.

Please note that I changed my keys; see README for details.
The reason is not security related but to allow other OpenPGP programs
to verify my signature.  
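
The sentinel described above (a check placed just before dlopen() that the process is no longer setuid) can be sketched as follows. This is an added example, not code from GnuPG or from this post; the function names, the module path and the stand-in opener are hypothetical, and the opener is passed in so that dlopen itself can be supplied in a real program.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Same shape as dlopen(3), so dlopen itself can be passed as the opener. */
typedef void *(*module_opener)(const char *path, int flags);

/* 1 if the effective IDs differ from the real IDs, i.e. setuid/setgid
 * privileges are still in force.  Saved IDs are not examined here. */
int ids_still_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Core sentinel: the opener is never reached while the IDs are elevated. */
void *guarded_open_as(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                      const char *path, int flags, module_opener opener)
{
    if (ids_still_elevated(ruid, euid, rgid, egid)) {
        fprintf(stderr, "refusing to load %s: still setuid/setgid\n", path);
        return NULL;
    }
    return opener(path, flags);
}

/* Single choke point for module loading, using the live process IDs. */
void *guarded_open(const char *path, int flags, module_opener opener)
{
    return guarded_open_as(getuid(), geteuid(), getgid(), getegid(),
                           path, flags, opener);
}

/* Constructed stand-in for dlopen so the example runs without a module. */
static int demo_calls;
static void *demo_opener(const char *path, int flags)
{
    (void)path; (void)flags;
    demo_calls++;
    return &demo_calls;
}

int main(void)
{
    void *h = guarded_open("./ext-module.so", 0, demo_opener);
    printf("module %s\n", h ? "loaded" : "rejected");
    return 0;
}
```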

