Hi,
Please get the new release from
ftp://ftp.guug.de/pub/gcrypt/gnupg-0.3.2.tar.gz
or the diff
ftp://ftp.guug.de/pub/gcrypt/diffs/gnupg-0.3.2.diff.gz
you may also use the mirrors.
Is was possible to become root by using --version and a malicious
extension module. I fixed this and added a sentinel just before the
dlopen() which checks that we are not setuid anymore.
Noteworthy changes in version 0.3.2
-----------------------------------
* Fixed some bugs when using --textmode (-seat)
* Now displays the trust status of a positive verified message.
* Keyrings are now scanned in the sequence they are added with
--[secret-]keyring. Note that the default keyring is implictly
added as the very first one unless --no-default-keyring is used.
* Fixed setuid and dlopen bug.
Please note, that I changed my keys; see README for details.
The reason is not security related but to allow other OpenPGP programs
to verify my signature.
Werner
Please get the new release from
ftp://ftp.guug.de/pub/gcrypt/gnupg-0.3.2.tar.gz
or the diff
ftp://ftp.guug.de/pub/gcrypt/diffs/gnupg-0.3.2.diff.gz
you may also use the mirrors.
Is was possible to become root by using --version and a malicious
extension module. I fixed this and added a sentinel just before the
dlopen() which checks that we are not setuid anymore.
Noteworthy changes in version 0.3.2
-----------------------------------
* Fixed some bugs when using --textmode (-seat)
* Now displays the trust status of a positive verified message.
* Keyrings are now scanned in the sequence they are added with
--[secret-]keyring. Note that the default keyring is implictly
added as the very first one unless --no-default-keyring is used.
* Fixed setuid and dlopen bug.
Please note, that I changed my keys; see README for details.
The reason is not security related but to allow other OpenPGP programs
to verify my signature.
Werner