popularity-contest
Derek Broughton
news at pointerstop.ca
Fri Mar 30 15:30:30 UTC 2007
Jeffrey F. Bloss wrote:
> There's no reason to go as far as China for real life examples of how
> this sort of thing might be a problem. The version of GnuPG Ubuntu
> distributes in their own repositories, for example, is horribly out of
> date and known to have serious bugs. The CVE calls it a "remotely
> controllable function pointer" issue...
>
> http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html
>
> Painfully ironic as it is, by blabbing about your vulnerable copy of
> GnuPG you're actually opening a piece of software you depend on for
> *security* up to a wider audience of potential attackers, and giving
And you're absolutely sure that, just because Ubuntu's Gnupg is still
v1.4.3, that it has that vulnerability? The latest security update to
gnupg in edgy-security is March 7, and while I don't have time to check,
almost certainly backports fixes for all known vulnerabilities to that
point.
--
derek
More information about the ubuntu-users
mailing list