[Bug 345141] [NEW] firegpg version 0.5 is insecure
dkg
dkg at fifthhorseman.net
Wed Mar 18 23:25:14 UTC 2009
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: iceweasel-firegpg
The version of firegpg that is marked for inclusion in jaunty is
0.5.dfsg-1. However, upstream says (at
http://getfiregpg.org/install.html):
Versions prior to 0.6 are affected by security issues. DO NOT USE THEM
IN A PRODUCTION ENVIRONEMENT !
Version 0.7.5 appears to be the latest upstream version.
The package for firegpg for debian was just removed from the archive
until a new package can be built:
http://bugs.debian.org/520118
http://bugs.debian.org/514386
The firegpg branch in launchpad appears to have 0.5.1, but that itself
is still too old according to upstream:
https://code.edge.launchpad.net/~ubuntu-dev/firefox-
extensions/firegpg.ubuntu
I recommend that until a recent version can be packaged without known
vulnerabilities, firegpg should not be shipped in ubuntu.
Sorry to be the bearer of bad tidings!
** Affects: iceweasel-firegpg (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
firegpg version 0.5 is insecure
https://bugs.launchpad.net/bugs/345141
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list