[Announce] [security fix] GnuPG 2.0.22 released

Albert Chin gnupg-users at mlists.thewrittenword.com
Tue Mar 11 19:30:24 CET 2014

On Sat, Oct 05, 2013 at 10:46:39AM +0200, Werner Koch wrote:
> We are pleased to announce the availability of a new stable GnuPG-2
> release: Version 2.0.22.  This is a *security fix* release and all
> users are advised to updated to this version.  See below for the
> impact of the problem.
> [[ snip snip ]]
> What's New in 2.0.22
> ====================
>  * Fixed possible infinite recursion in the compressed packet
>    parser. [CVE-2013-4402]

Does libgpg-error need updating as well? According to
https://bugzilla.redhat.com/show_bug.cgi?id=1015685 and
https://lwn.net/Articles/571943/ there is some indication of this but
looking at the changes between 1.10 and 1.11, I see nothing to
indicate an update to libgpg-error is necessary.

albert chin (china at thewrittenword.com)

More information about the Gnupg-users mailing list