[arch-security] GnuPG < 2.0.24 DoS (CVE-2014-4617)
Neal Oakey
neal at oakey-dev.eu
Thu Jun 26 04:44:12 EDT 2014
Hi,
when will this be fixed?
Greetings,
Neal
Am 24.06.2014 17:33, schrieb Remi Gacogne:
> Hi all,
>
> A security issue has been reported to oss-security [1] regarding a
> denial of service in GnuPG < 2.0.24. Please see the original message
> posted to oss-security or the GnuPG announcement [2] for additional
> information.
>
> The GnuPG package in Arch Linux is currently in version 2.0.23 and
> therefore seems to be vulnerable. It has already been flagged as
> out-of-date but has not been updated yet.
>
> [1] http://www.openwall.com/lists/oss-security/2014/06/24/1
> [2] http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
>
> Best regards,
>
> Remi
>
>
More information about the arch-security
mailing list