[Announce] [CVE-2022-3515] GnuPG / Libksba Security Advisory

Werner Koch wk at gnupg.org
Tue Oct 18 09:55:12 CEST 2022


On Tue, 18 Oct 2022 08:59, Alessandro Vesely said:

> Debian fix kept the old version number 1.5.0-3, though:

FWIW: Debian thus misses

 * Allow an OCSP server not to return the sent nonce.  [rK24992a4a7a]

 * Limited support for the Authenticated-Enveloped-Data content type.
   [rK81fdcd680c12]

 * Support password based decryption.  [rKcb7f2484a09c]

 * Support Brainpool curves specified by ECDomainParameters.

All of them fixes practical problems found in the real world.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20221018/a2a06eea/attachment.sig>


More information about the Gnupg-users mailing list