security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-13 22:21:09 +02:00
Code Activity

* NEWS: Note the CVE for bug#728, --s2k-count, --passphrase-repeat,

Browse Source 
and the OpenSSL exception.
This commit is contained in:
David Shaw 2006-12-03 04:54:21 +00:00
parent e0cd2d31a1
commit 69f73dddd9
2 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -1,3 +1,8 @@
2006-12-02 David Shaw <dshaw@jabberwocky.com>
* NEWS: Note the CVE for bug#728, --s2k-count,
--passphrase-repeat, and the OpenSSL exception.
2006-11-29 Werner Koch <wk@g10code.com> 2006-11-29 Werner Koch <wk@g10code.com>
Released 1.4.6rc1. Released 1.4.6rc1.

23
NEWS
View File

@ -2,9 +2,26 @@ Noteworthy changes in version 1.4.6
------------------------------------------------ ------------------------------------------------
* Fixed a bug while decrypting certain compressed and encrypted * Fixed a bug while decrypting certain compressed and encrypted
messages. See http://bugs.gnupg.org/537 . messages. [bug#537]
* Fixed a buffer overflow in gpg2. [bug#728] * Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169]
* Added --s2k-count to set the number of times passphrase mangling
is repeated. The default is 65536 times.
* Added --passphrase-repeat to set the number of times GPG will
prompt for a new passphrase to be repeated. This is useful to
help memorize a new passphrase. The default is 1 repetition.
* Added a GPL license exception to the keyserver helper programs
gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any
potential questions about the ability to distribute binaries
that link to the OpenSSL library. GnuPG does not link directly
to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and
OpenLDAP (used for LDAP) may. Note that this license exception
is considered a bug fix and is intended to forgive any
violations pertaining to this issue, including those that may
have occurred in the past.
Noteworthy changes in version 1.4.5 (2006-08-01) Noteworthy changes in version 1.4.5 (2006-08-01)
@ -24,7 +41,7 @@ Noteworthy changes in version 1.4.5 (2006-08-01)
Noteworthy changes in version 1.4.4 (2006-06-25) Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------ ------------------------------------------------
* User IDs are now capped at 2048 byte. This avoids a memory * User IDs are now capped at 2048 bytes. This avoids a memory
allocation attack (see CVE-2006-3082). allocation attack (see CVE-2006-3082).
* Added support for the SHA-224 hash. Like the SHA-384 hash, it * Added support for the SHA-224 hash. Like the SHA-384 hash, it