-
gnupg2 (2.0.14-1ubuntu1.7) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via uncompressing garbled packets
- debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
g10/compress.c.
- CVE-2014-4617
-- Marc Deslauriers <email address hidden> Thu, 26 Jun 2014 09:21:08 -0400
-
gnupg2 (2.0.14-1ubuntu1.6) lucid-security; urgency=low
* SECURITY UPDATE: incorrect no-usage-permitted flag handling
- debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
in g10/getkey.c, g10/keygen.c, include/cipher.h.
- CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2013-4402.patch: set limits on number of filters
and nested packets in common/iobuf.c, g10/mainproc.c.
- CVE-2013-4402
-- Marc Deslauriers <email address hidden> Mon, 07 Oct 2013 15:52:58 -0400
-
gnupg2 (2.0.14-1ubuntu1.5) lucid-security; urgency=low
* SECURITY UPDATE: keyring corruption via malformed key import
- debian/patches/CVE-2012-6085.patch: validate PKTTYPE in g10/import.c.
- CVE-2012-6085
-- Marc Deslauriers <email address hidden> Tue, 08 Jan 2013 15:37:50 -0500
-
gnupg2 (2.0.14-1ubuntu1.4) lucid-security; urgency=low
* debian/patches/long-keyids.diff: Use the longest key ID available
when requesting a key from a key server.
-- Marc Deslauriers <email address hidden> Tue, 14 Aug 2012 13:34:54 -0400
-
gnupg2 (2.0.14-1ubuntu1.2) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible arbitrary code
execution via certificate with large number of Subject Alternate Names
- debian/patches/CVE-2010-2547.patch: fix use-after-free in
kbx/keybox-blob.c.
- CVE-2010-2547
-- Marc Deslauriers <email address hidden> Mon, 09 Aug 2010 15:31:52 -0400
-
gnupg2 (2.0.14-1ubuntu1.1) lucid-proposed; urgency=low
* Fix a regression in gnupg2 2.0.14 which prevents unprotection of new or
changed gpg-agent passphrases. Patch provided by Werner Koch (upstream)
(lp: #567106).
-- Michael Bienia <email address hidden> Sat, 19 Jun 2010 11:01:30 +0200
-
gnupg2 (2.0.14-1ubuntu1) lucid; urgency=low
* Merge with Debian testing (lp: #511356). Remaining changes:
- debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
- debian/rules: Call dh_installudev.
gnupg2 (2.0.14-1) unstable; urgency=low
* New upstream release.
* debian/control: Build depend on libreadline-dev instead of
libreadline5-dev, since libreadline6-dev is out. (Closes: #548922)
* debian/source/format, debian/source/options,
debian/source/patch-header: Convert to v3 quilt format, with
single-debian-patch.
* debian/control: Tighten dependency on gnupg-agent. (Closes: #551792)
-- Michael Bienia <email address hidden> Fri, 22 Jan 2010 21:49:55 +0100
-
gnupg2 (2.0.13-1ubuntu1) lucid; urgency=low
* Merge with Debian testing (lp: #477491). Remaining changes:
- Build-depend on libreadline-dev instead of libreadline5-dev.
- debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
- debian/rules: Call dh_installudev.
gnupg2 (2.0.13-1) unstable; urgency=low
* New upstream release.
* debian/control: Depend instead of Recommend gnupg-agent. (Closes:
#538947)
gnupg2 (2.0.12-1) unstable; urgency=low
* New upstream release. (Closes: #499569, #463270, #446494, #314068,
#519375, #514587)
* debian/control: Change build dependency on gs to ghoscript, since
ghoscript has been replaced.
* debian/compat: Use debhelper v7.
* debian/control: Update Standards-Version to 3.8.2.
* debian/control: Use ${misc:Depends}.
* configure.ac: Override pkgdatadir so that it points to
/usr/share/gnupg2. (Closes: #528734)
* debian/rules: No longer need to specify pkgdatadir at make install
time.
-- Michael Bienia <email address hidden> Sat, 07 Nov 2009 13:12:03 +0100
-
gnupg2 (2.0.12-0ubuntu2) karmic; urgency=low
* Build-depend on libreadline-dev instead of libreadline5-dev.
-- Matthias Klose <email address hidden> Sat, 19 Sep 2009 22:56:12 +0200
