[gnupg-ru] [Announce] Maintenance release for GnuPG 1.2.x

Чт Дек 7 17:07:12 CET 2006

Hello,

I am pleased to announce a security update to the 1.2 series of
GnuPG: Version 1.2.8.

The 1.2.x series has reached end of life status about 2 years ago.
However, I make an update available for the sake of those who can't
migrate to 1.4.  There is no guarantee that all problems are solved in
1.2 - it is in general better to migrate to the activly maintained 1.4
series.

You will find that version as well as corresponding signatures at the
usual place (ftp://ftp.gnupg.org/gcrypt/gnupg/).

Noteworthy changes in version 1.2.8 (2006-12-07)
------------------------------------------------

    Backported security fixes.  Note, that the 1.2.x series has
    reached end of life status.  You should migrate to 1.4.x.

    * Fixed a serious and exploitable bug in processing encrypted
      packages. [CVE-2006-6235].

    * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]

    * User IDs are now capped at 2048 bytes.  This avoids a memory
      allocation attack [CVE-2006-3082].

    * Added countermeasures against the Mister/Zuccherato CFB attack
      <http://eprint.iacr.org/2005/033>.

Happy Hacking,

   Werner

-- 
Werner Koch                                      <wk на gnupg.org>
The GnuPG Experts                                http://g10code.com
Join the Fellowship and protect your Freedom!    http://www.fsfe.org
----------- следущая часть -----------
Вложение не в текстовом формате было извлечено&hellip;
Имя     : отсутствует
Тип     : application/pgp-signature
Размер  : 196 байтов
Описание: отсутствует
Url     : /pipermail/attachments/20061207/2e2372f7/attachment.pgp 
----------- следущая часть -----------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce на gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce