Date: Sun, 10 Jun 2018 18:38:47 +0200 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com, marcus.brinkmann@...r-uni-bochum.de Subject: Re: Re : Re: CVE-2018-12020 in GnuPG -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, 2018-06-10 at 10:58 -0400, Stiepan wrote: Hi Stepian, > This responsibility discussion is all well and fine, but now that this is > half-public, may we know for sure whether we are affected : > 1. as debian(-like) package consumers Not entirely sure what you mean here, but if you're talking about the apt package managers (which relies on gpgv for signature verification), it's currently investigated. Note that all supported suites have had their gnupg version updated: https://s ecurity-tracker.debian.org/tracker/CVE-2018-12020 Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlsdVBcACgkQ3rYcyPpX RFvs6wgAyOwnS9uaOmW1Qg6pM7iKDlTYVe7SteOlVn6QyAQzKhTmsazdo+xZJ6+y Bd7BScDNRRvyTCZKtqyMvuTMCBjVoGcIQoGvrZW64X9wVCCgk/U5bpe39WwTpePZ uScfW3MZKGOvYEKAGbC8aZDbTAkJ1D1HjOe0xVAv7Ifc0lpinYJSwQ2dEu9qDyRm jxD9IpsZwAA2IX+yAb87ebW5Cm6ZFMoWUuj2VmE8Eth3k6wmHexLahiz/JR+qrET +s3aRcDTae7dajEPfIWLrSnxxVYHrdYs3xiDsD4NbapJ2YACSZ/ayL8P5GWIuQZ/ tipCq/jMIikHy59/fc247FOxSgCOew== =c5lf -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ