Ubuntu
gnupg2 package

gnupg2 2.0.22-3ubuntu1.3 source package in Ubuntu

Changelog

gnupg2 (2.0.22-3ubuntu1.3) trusty-security; urgency=medium

  * Screen responses from keyservers (LP: #1409117)
    - d/p/0001-Screen-keyserver-responses.patch
    - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch
    - d/p/0003-Add-kbnode_t-for-easier-backporting.patch
    - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch
  * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
    - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch
    - debian/rules: build with --enable-large-secmem
  * SECURITY UPDATE: invalid memory read via invalid keyring
    - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in
      a keyring in g10/keyring.c.
    - CVE-2015-1606
  * SECURITY UPDATE: memcpy with overlapping ranges
    - debian/patches/CVE-2015-1607.patch: use inline functions to convert
      buffer data to scalars in common/iobuf.c, g10/build-packet.c,
      g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c,
      g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h,
      kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c,
      kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c,
      scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c.
    - CVE-2015-1607
 -- Marc Deslauriers <email address hidden>   Fri, 27 Mar 2015 08:18:55 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Trusty
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
gnupg2_2.0.22.orig.tar.bz2 4.1 MiB 437d0ab259854359fc48aa8795af80cff4975e559c111c92c03d0bc91408e251
gnupg2_2.0.22-3ubuntu1.3.debian.tar.bz2 50.4 KiB 1c1495f18ff301b923c573c3d1e80b6782082e7ad1beaaac40eaa1d011a703e6
gnupg2_2.0.22-3ubuntu1.3.dsc 2.3 KiB 8389d78af1bbeeddf01a11614162ad97d108deb254df0591b07755c4b6b7a0e3

View changes file

Binary packages built by this source

gnupg-agent: GNU privacy guard - password agent

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC2440.
 .
 This package contains the agent program gpg-agent which keeps a
 temporary secure storage of your passphrases.

gnupg2: GNU privacy guard - a free PGP replacement (new v2.x)

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC2440.
 .
 GnuPG 2.x is the new modularized version of GnuPG supporting OpenPGP
 and S/MIME.

gpgsm: GNU privacy guard - S/MIME version

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC2440.
 .
 This package contains the gpgsm program. gpgsm is a tool to provide
 digital encryption and signing services on X.509 certificates and the
 CMS protocol. gpgsm includes complete certificate management.

gpgv2: GNU privacy guard - signature verification tool (new v2.x)

 GnuPG is GNU's tool for secure communication and data storage.
 .
 gpgv2 is actually a stripped-down version of gpg2 which is only able
 to check signatures. It is somewhat smaller than the fully-blown gpg2
 and uses a different (and simpler) way to check that the public keys
 used to make the signature are valid. There are no configuration
 files and only a few options are implemented.

scdaemon: GNU privacy guard - smart card support

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC2440.
 .
 This package contains the smart card program scdaemon, which is used
 by gnupg-agent to access OpenPGP smart cards.