[Announce] GnuPG security fix 1.0.6
Werner Koch
wk@gnupg.org
Fri Jun 1 18:15:01 2001
On Fri, 1 Jun 2001, Nick Andriash wrote:
> > ftp://ftp.gnupg.org/gcrypt/binaty/gnupg-w32-1.0.6.zip
Well, r and t are not that far away from each other - sorry.
> > ftp://ftp.gnupg.org/gcrypt/binaty/gnupg-w32-1.0.6.zip
I cutted, pasted and forgot to append the .sig :-(
> archive, gpg.exe is identical in size and date to the original 1.0.6
> release. How can we tell whether we have the one that contains the bug
Original 1.0.6 release? That is the original one - I have just not
came around to write the announcement.
Frankly, that exploit does not work under Windows but there might be
other things lurking in the Windows version - meanwhile I noticed
that. Not that serious but should be fixed.
The new thing in the Windows version is that the Keyserver bug has
been fixed.
Here is the MD5 checksum of the Windows binary. You can use an
old gpg version to calculate an md5 sum under W32:
gpg --print-md md5 filename
1dbf36a54b20026562e22a76d3ae06aa gnupg-w32-1.0.6.zip
Werner
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus