Re: [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery

To: debian-release@lists.debian.org
Subject: Re: [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sat, 17 Mar 2007 13:03:23 +0100
Message-id: <[🔎] slrnevnm8b.42o.jmm@inutil.org>
References: <20070313225527.GA4144@galadriel.inutil.org> <[🔎] 87k5xk14wz.fsf@riesling.zuerich.kuesterei.ch> <[🔎] 20070314112916.GR3729@mauritius.dodds.net> <[🔎] 200703141403.45535.elendil@planet.nl> <[🔎] 20070316100159.GA22999@borges.dodds.net>

Steve Langasek wrote:
> So at this point, the udebs we have in the prospective d-i rc2 initrds that
> we know we want to get fixes in yet for the .debs are atk1.0, gnupg, and
> udev.  The gnupg bug is a security bug, so an alternate update path is
> available; 

I don't know exactly how gnupg is used in d-i; but the fixed issue at hand is
unlikely to affect d-i, it only affects a small subset of use cases and is 
mostly limited to mail readers.

I have a - not yet uploaded - testing-security build ready. Any solution for
etch is fine with me; just tell me, which you prefer. I won't be able to
react very quickly, though, as my spare time of this weekend is very limited.

Cheers,
        Moritz

Reply to:

References:
- Re: [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
  - From: Frank Küster <frank@kuesterei.ch>
- Re: [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
  - From: Steve Langasek <vorlon@debian.org>
- Re: [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
  - From: Frans Pop <elendil@planet.nl>
- Re: [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Please unblock slimserver 6.3.0-5
Next by Date: unfreeze request smstools 3.0.2-4
Previous by thread: Re: [SECURITY] [DSA 1266-1] New gnupg packages fix signature forgery
Next by thread: Please unblock iceweasel-l10n
Index(es):
- Date
- Thread