[arch-security] GnuPG < 2.0.24 DoS (CVE-2014-4617)
Remi Gacogne
rgacogne-arch at coredump.fr
Tue Jun 24 11:33:24 EDT 2014
Hi all,
A security issue has been reported to oss-security [1] regarding a
denial of service in GnuPG < 2.0.24. Please see the original message
posted to oss-security or the GnuPG announcement [2] for additional
information.
The GnuPG package in Arch Linux is currently in version 2.0.23 and
therefore seems to be vulnerable. It has already been flagged as
out-of-date but has not been updated yet.
[1] http://www.openwall.com/lists/oss-security/2014/06/24/1
[2] http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
Best regards,
Remi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-security/attachments/20140624/80a95e7c/attachment.asc>
More information about the arch-security
mailing list