oss-sec mailing list archives
Re: Re : Re: [oss-security] CVE-2018-12020 in GnuPG
From: Yves-Alexis Perez <corsac () debian org>
Date: Sun, 10 Jun 2018 18:38:47 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, 2018-06-10 at 10:58 -0400, Stiepan wrote: Hi Stepian,
This responsibility discussion is all well and fine, but now that this is half-public, may we know for sure whether we are affected : 1. as debian(-like) package consumers
Not entirely sure what you mean here, but if you're talking about the apt package managers (which relies on gpgv for signature verification), it's currently investigated. Note that all supported suites have had their gnupg version updated: https://s ecurity-tracker.debian.org/tracker/CVE-2018-12020 Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlsdVBcACgkQ3rYcyPpX RFvs6wgAyOwnS9uaOmW1Qg6pM7iKDlTYVe7SteOlVn6QyAQzKhTmsazdo+xZJ6+y Bd7BScDNRRvyTCZKtqyMvuTMCBjVoGcIQoGvrZW64X9wVCCgk/U5bpe39WwTpePZ uScfW3MZKGOvYEKAGbC8aZDbTAkJ1D1HjOe0xVAv7Ifc0lpinYJSwQ2dEu9qDyRm jxD9IpsZwAA2IX+yAb87ebW5Cm6ZFMoWUuj2VmE8Eth3k6wmHexLahiz/JR+qrET +s3aRcDTae7dajEPfIWLrSnxxVYHrdYs3xiDsD4NbapJ2YACSZ/ayL8P5GWIuQZ/ tipCq/jMIikHy59/fc247FOxSgCOew== =c5lf -----END PGP SIGNATURE-----
Current thread:
- CVE-2018-12020 in GnuPG Yves-Alexis Perez (Jun 08)
- Re: CVE-2018-12020 in GnuPG Marcus Brinkmann (Jun 09)
- Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan (Jun 10)
- Re: Re : Re: [oss-security] CVE-2018-12020 in GnuPG Yves-Alexis Perez (Jun 10)
- Re : Re: [oss-security] Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan (Jun 13)
- Re: Re : Re: [oss-security] Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stephen Farrell (Jun 13)
- Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan (Jun 10)
- Re: CVE-2018-12020 in GnuPG Marcus Brinkmann (Jun 09)