Alec Berryman
2006-Aug-16 01:02 UTC
[Secure-testing-team] Please allow gnupg to migrate to testing
The current version of gnupg in testing is 1.4.3-2; it''s vulnerable to CVE-2006-3746 (remote denial of service). This has been fixed in 1.4.5-1, although it''s not mentioned in the changelog (CVE was assigned after upload). According to grep-excuses, the propagation of 1.4.5-1 is blocked because gnupg is in freeze. Would you please allow this version to reach testing? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060815/99a9b106/attachment.pgp
Frans Pop
2006-Aug-16 12:43 UTC
[Secure-testing-team] Re: Please allow gnupg to migrate to testing
On Wednesday 16 August 2006 03:01, Alec Berryman wrote:> The current version of gnupg in testing is 1.4.3-2; it''s vulnerable to > CVE-2006-3746 (remote denial of service). This has been fixed in > 1.4.5-1, although it''s not mentioned in the changelog (CVE was assigned > after upload). According to grep-excuses, the propagation of 1.4.5-1 > is blocked because gnupg is in freeze. Would you please allow this > version to reach testing?Has already been hinted yesterday. Cheers, FJP -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20060816/4463823a/attachment.pgp
Steve Langasek
2006-Aug-16 16:26 UTC
[Secure-testing-team] Re: Please allow gnupg to migrate to testing
On Wed, Aug 16, 2006 at 02:42:54PM +0200, Frans Pop wrote:> On Wednesday 16 August 2006 03:01, Alec Berryman wrote: > > The current version of gnupg in testing is 1.4.3-2; it''s vulnerable to > > CVE-2006-3746 (remote denial of service). This has been fixed in > > 1.4.5-1, although it''s not mentioned in the changelog (CVE was assigned > > after upload). According to grep-excuses, the propagation of 1.4.5-1 > > is blocked because gnupg is in freeze. Would you please allow this > > version to reach testing?> Has already been hinted yesterday.Still blocked by britney confusion about RC bug counts, though. I''ve added another hint to get it in. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. vorlon@debian.org http://www.debian.org/