Re: status of non-US

To: Martin Schulze <joey@infodrom.org>
Cc: debian-release@lists.debian.org
Subject: Re: status of non-US
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 09 Oct 2004 12:16:45 +0200
Message-id: <[🔎] 87r7o88acy.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20041009092232.GU10459@finlandia.infodrom.north.de> (Martin Schulze's message of "Sat, 9 Oct 2004 11:22:32 +0200")
References: <20040928163619.GI8876@mails.so.argh.org> <[🔎] 20041008081224.GJ8964@mails.so.argh.org> <[🔎] 87is9kho82.fsf@deneb.enyo.de> <[🔎] 20041009092232.GU10459@finlandia.infodrom.north.de>

* Martin Schulze:

> Florian Weimer wrote:
>> * Andreas Barth:
>> 
>> > So, the only thing left now is pgp5i in non-US/non-free (and AFAICS this
>> > can't go to non-free).
>> 
>> What's the security patching status of pgp5i?
>
> What are you referring to?

I've checked in the meantime.  The RNG issue has been been fixed, but
the UID issues (see <http://www.bluering.nl/pgp/useridbug.txt>, for
example) are not addressed.  I haven't tested PGP 5, but the
vulnerability is definitely present in other versions, even back to
2.6.3in, so it's unlikely that pgp5i is magically unaffected.

Reply to:

References:
- Re: status of non-US
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: status of non-US
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: status of non-US
  - From: Martin Schulze <joey@infodrom.org>

Prev by Date: Re: status of non-US
Next by Date: Removal suggestions
Previous by thread: Re: status of non-US
Next by thread: Anetac Software : Feedback auto-response
Index(es):
- Date
- Thread