So on & so forth
Peter Lebbing
peter at digitalbrains.com
Tue Aug 19 22:27:04 CEST 2014
On 19/08/14 21:52, Ludwig Hügelschäfer wrote:
> Ack. They use the build system from homebrew. They update recipes from
> time to time, but their releases normally go only with major Mac OS X
> updates (e.g. 10.8 -> 10.9), as in last october with 2.0.22. Their
> main target is the gpg-plugin for Apple mail, I think.
So apparently they're not too worried about the DoS fixed in 2.0.24. And
libgcrypt 1.6.0, which succeeds a version vulnerable to "Get Your Hands Off My
Laptop" if I'm not mistaken, was released in December. I'd hazard a guess that
they ship a vulnerable 1.5.x version.
So everybody: hands off the Mac! ;)
I think that you should only build or fork software[1] when you're willing to
provide the service of security fixes to your users, or clearly indicate this is
out of your scope. Do they provide security support? I think the libgcrypt one
might warrant a fix. A DoS is just annoying.
Peter.
[1] Especially security software
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list