1 |
Hi all, I found out via bugtraq mailing list this morning that gnupg-1.0.5 and |
2 |
earlier have a vulnerability that will let someone gain unauthorized access. I |
3 |
don't have a link for you because the archives haven't been updated on |
4 |
securityfocus.com. You may upgrade via portage in about a half hour when the |
5 |
rsync tree gets updated. The package you want is app-crypt/gnupg-1.0.6. I |
6 |
still didn't add the SUID to the gpg binary, I figure I'll leave that up to |
7 |
the installer. It'll still work, but will not be able to use secure memory |
8 |
when run as a normal user. |