[Bug 345141] [NEW] request removal of firegpg
Launchpad Bug Tracker
345141 at bugs.launchpad.net
Wed Mar 25 01:26:42 GMT 2009
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Kees Cook (kees):
Binary package hint: iceweasel-firegpg
The version of firegpg that is marked for inclusion in jaunty is
0.5.dfsg-1. However, upstream says (at
http://getfiregpg.org/install.html):
Versions prior to 0.6 are affected by security issues. DO NOT USE THEM
IN A PRODUCTION ENVIRONEMENT !
Version 0.7.5 appears to be the latest upstream version.
The package for firegpg for debian was just removed from the archive
until a new package can be built:
http://bugs.debian.org/520118
http://bugs.debian.org/514386
The firegpg branch in launchpad appears to have 0.5.1, but that itself
is still too old according to upstream:
https://code.edge.launchpad.net/~ubuntu-dev/firefox-
extensions/firegpg.ubuntu
I recommend that until a recent version can be packaged without known
vulnerabilities, firegpg should not be shipped in ubuntu.
Sorry to be the bearer of bad tidings!
** Affects: iceweasel-firegpg (Ubuntu)
Importance: Undecided
Assignee: Kees Cook (kees)
Status: Confirmed
--
request removal of firegpg
https://bugs.edge.launchpad.net/bugs/345141
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list