--------------------------------------------------------------------- Fedora Test Update Notification FEDORA-2007-316 2007-03-06 --------------------------------------------------------------------- Product : Fedora Core 5 Name : gnupg Version : 1.4.7 Release : 1 Summary : A GNU utility for secure communication and data storage. Description : GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide). --------------------------------------------------------------------- Update Information: This updates GnuPG to version 1.4.7, changing the default behavior so that gnupg now flags message streams which contain multiple plaintexts as an error. This prevents errors which would occur when applications which called gnupg assumed that this was already the default behavior. Absent new bug reports, this package will be moved from Testing to Final on or about 7 March 2007. --------------------------------------------------------------------- * Mon Mar 5 2007 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.7-1 - update to 1.4.7, changing the default to not allow multiple plaintexts in a single stream * Wed Dec 6 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.6-1 - update to 1.4.6, incorporating fixes for CVE-2006-6169 and CVE-2006-6235 * Tue Dec 5 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-13 - apply the termlib patch again * Tue Dec 5 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-12 - don't apply the non-security termlib patch * Tue Dec 5 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-11 - rebuild * Tue Dec 5 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-10 - incorporate patch from Werner to fix use of stack variable after it goes out of scope (CVE-2006-6235, #218483) * Fri Dec 1 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-9 - rebuild - give configure a --with-termlib option which can be used to force the selection of libtermcap or libncurses, but don't flip the switch yet * Fri Dec 1 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-8 - rebuild * Fri Dec 1 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-7 - rebuild * Fri Dec 1 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-6 - add patch for overflow in openfile.c from Werner's mail (CVE-2006-6169, #218506) * Tue Oct 31 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-5 - rebuild against current libcurl * Fri Aug 18 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 1.4.5-4 - rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc* (#203001) * Tue Aug 1 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-3 - rebuild * Tue Aug 1 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-2 - rebuild - reenable curl support * Tue Aug 1 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.5-1 - update to 1.4.5, fixing additional size overflows in packet parsing (#200904, CVE-2006-3746) - temporarily disable curl support again * Fri Jul 28 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.4.90-1 - update to 1.4.5rc1 to check for build problems, but mark it as 1.4.4.90 to avoid looking "newer" than the eventual 1.4.5 - because we call aclocal, buildrequire gettext-devel to get AM_GNU_GETTEXT * Thu Jul 20 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.4-7 - add BuildPrereq on curl-devel to get curl's ipv6 support (#198375) * Wed Jul 12 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.4-6 - fix a cast in gpgkeys_hkp to avoid tripping stack smashing or buffer overflow detection (#198612) * Wed Jul 12 2006 Jesse Keating <jkeating@xxxxxxxxxx> - 1.4.4-5.1 - rebuild * Wed Jul 5 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.4-5 - try again using per-platform buildprereq (jkeating) * Wed Jul 5 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.4-4 - buildprereq libusb-devel, so that we get CCID support back (#197450) * Mon Jun 26 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.4-3 - rebuild * Mon Jun 26 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.4-2 - rebuild * Mon Jun 26 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.4-1 - update to 1.4.4 * Tue Jun 20 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.3-5 - rebuild * Tue Jun 20 2006 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.4.3-4 - add patch from upstream to fix CVE-2006-3082 (#195946) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/ 5040f0e7745a893cc68c1271be2cb852ea73cd0d SRPMS/gnupg-1.4.7-1.src.rpm 5040f0e7745a893cc68c1271be2cb852ea73cd0d noarch/gnupg-1.4.7-1.src.rpm 3eac76273637edefda83b57a49bdced8df9986b9 ppc/debug/gnupg-debuginfo-1.4.7-1.ppc.rpm d61d9fa51ae8a3000ee56e310bb9513958688246 ppc/gnupg-1.4.7-1.ppc.rpm 18758b28e2d79b3d347f679c3d17528ec5bab37b x86_64/gnupg-1.4.7-1.x86_64.rpm cf3b90444897145199a91eb91e37ad2f9200df9c x86_64/debug/gnupg-debuginfo-1.4.7-1.x86_64.rpm bae18d94849de12e31193aafbd867056d4e25e5a i386/debug/gnupg-debuginfo-1.4.7-1.i386.rpm 3438db0f51145801ea1a91dbeafecccee6301ebe i386/gnupg-1.4.7-1.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. --------------------------------------------------------------------- -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list