On 26 June 2014 10:48, Guillaume ALAUX <guillaume@archlinux.org> wrote:
On 26 June 2014 10:44, Neal Oakey <neal@oakey-dev.eu> wrote:
Hi,
when will this be fixed?
Greetings, Neal
Am 24.06.2014 17:33, schrieb Remi Gacogne:
Hi all,
A security issue has been reported to oss-security [1] regarding a denial of service in GnuPG < 2.0.24. Please see the original message posted to oss-security or the GnuPG announcement [2] for additional information.
The GnuPG package in Arch Linux is currently in version 2.0.23 and therefore seems to be vulnerable. It has already been flagged as out-of-date but has not been updated yet.
[1] http://www.openwall.com/lists/oss-security/2014/06/24/1 [2] http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
Best regards,
Remi
GnuPG 2.0.24 is currently in [testing].
https://www.archlinux.org/packages/testing/i686/gnupg/
It should hit "stable" repo as soon as it gets its signoffs.
Hum. I have just read this comment about gnupg signoffs: Signoffs are not currently enabled Don't bother signing off; another upstream release is pending.