tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

security/gnupg update


GnuPG 1.4.20 is released. It has fixes for DoS and errors.
Can I update security/gnupg?

From NEWS:
Noteworthy changes in version 1.4.20 (2015-12-20)

 * Reject signatures made using the MD5 hash algorithm unless the
   new option --allow-weak-digest-algos or --pgp2 are given.

 * New option --weak-digest to specify hash algorithms which
   should be considered weak.

 * Changed default cipher for symmetric-only encryption to AES-128.

 * Fix for DoS when importing certain garbled secret keys.

 * Improved error reporting for secret subkey w/o corresponding public

 * Improved error reporting in decryption due to wrong algorithm.

 * Fix cluttering of stdout with trustdb info in double verbose mode.

 * Pass a DBUS envvar to gpg-agent for use by gnome-keyring.

PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3

Home | Main Index | Thread Index | Old Index