Re: status of non-US
* Martin Schulze:
> Florian Weimer wrote:
>> * Andreas Barth:
>>
>> > So, the only thing left now is pgp5i in non-US/non-free (and AFAICS this
>> > can't go to non-free).
>>
>> What's the security patching status of pgp5i?
>
> What are you referring to?
I've checked in the meantime. The RNG issue has been been fixed, but
the UID issues (see <http://www.bluering.nl/pgp/useridbug.txt>, for
example) are not addressed. I haven't tested PGP 5, but the
vulnerability is definitely present in other versions, even back to
2.6.3in, so it's unlikely that pgp5i is magically unaffected.
Reply to: