[Announce] GnuPG security fix 1.0.6

Werner Koch wk@gnupg.org
Fri Jun 1 18:15:01 2001


On Fri, 1 Jun 2001, Nick Andriash wrote:


> > ftp://ftp.gnupg.org/gcrypt/binaty/gnupg-w32-1.0.6.zip
Well, r and t are not that far away from each other - sorry.
> > ftp://ftp.gnupg.org/gcrypt/binaty/gnupg-w32-1.0.6.zip
I cutted, pasted and forgot to append the .sig :-(
> archive, gpg.exe is identical in size and date to the original 1.0.6
> release. How can we tell whether we have the one that contains the bug
Original 1.0.6 release? That is the original one - I have just not came around to write the announcement. Frankly, that exploit does not work under Windows but there might be other things lurking in the Windows version - meanwhile I noticed that. Not that serious but should be fixed. The new thing in the Windows version is that the Keyserver bug has been fixed. Here is the MD5 checksum of the Windows binary. You can use an old gpg version to calculate an md5 sum under W32: gpg --print-md md5 filename 1dbf36a54b20026562e22a76d3ae06aa gnupg-w32-1.0.6.zip Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus