gnupg2 2.2.4-1ubuntu1.2 source package in Ubuntu

Changelog

gnupg2 (2.2.4-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: CSRF in dirmngr
    - debian/patches/CVE-2018-1000858.patch: don't follow a redirect in
      dirmngr/Makefile.am, dirmngr/http.c, dirmngr/http.h,
      dirmngr/ks-engine-hkp.c, dirmngr/ks-engine-http.c,
      dirmngr/t-http-basic.c, dirmngr/t-http.c.
    - CVE-2018-1000858

 -- Marc Deslauriers <email address hidden>  Thu, 10 Jan 2019 08:07:03 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Bionic
Original maintainer: Ubuntu Developers
Architectures: any all
Section: utils
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
gnupg2_2.2.4.orig.tar.bz2 6.3 MiB 401a3e64780fdfa6d7670de0880aa5c9d589b3db7a7098979d7606cec546f2ec
gnupg2_2.2.4.orig.tar.bz2.asc 952 bytes 30dd26e12b451e8f6799ba3a81449ed18db3d3e747820b237a39745ab264c899
gnupg2_2.2.4-1ubuntu1.2.debian.tar.bz2 80.3 KiB ad2e70205e5d5f52c092c58e619ee58e5f5bc2b44f44a2c462296fc34a1960de
gnupg2_2.2.4-1ubuntu1.2.dsc 3.7 KiB 3b5821e3a8c95653140d0bbc791098ab6c08d6fc7206857a21b25e291e79f2bc

Binary packages built by this source

dirmngr: GNU privacy guard - network certificate management service

 dirmngr is a server for managing and downloading OpenPGP and X.509
 certificates, as well as updates and status signals related to those
 certificates. For OpenPGP, this means pulling from the public
 HKP/HKPS keyservers, or from LDAP servers. For X.509 this includes
 Certificate Revocation Lists (CRLs) and Online Certificate Status
 Protocol updates (OCSP). It is capable of using tor for network
 access.
 .
 dirmngr is used for network access by gpg, gpgsm, and dirmngr-client,
 among other tools. Unless this package is installed, the parts of
 the GnuPG suite that try to interact with the network will fail.

dirmngr-dbgsym: debug symbols for dirmngr
gnupg: GNU privacy guard - a free PGP replacement

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains the full suite of GnuPG tools for cryptographic
 communications and data storage.

gnupg-agent: GNU privacy guard - cryptographic agent (dummy transitional package)

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This is a dummy transitional package; please use gpg-agent instead.

gnupg-l10n: GNU privacy guard - localization files

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This package contains the translation files for the use of GnuPG in
 non-English locales.

gnupg-utils: GNU privacy guard - utility programs

 GnuPG is GNU's tool for secure communication and data storage.
 .
 This package contains several useful utilities for manipulating
 OpenPGP data and other related cryptographic elements. It includes:
 .
  * addgnupghome -- create .gnupg home directories
  * applygnupgdefaults -- run gpgconf --apply-defaults for all users
  * gpgcompose -- an experimental tool for constructing arbitrary
                  sequences of OpenPGP packets (e.g. for testing)
  * gpgparsemail -- parse an e-mail message into annotated format
  * gpgsplit -- split a sequence of OpenPGP packets into files
  * gpg-zip -- encrypt or sign files in an archive
  * kbxutil -- list, export, import Keybox data
  * lspgpot -- convert PGP ownertrust values to GnuPG
  * migrate-pubring-from-classic-gpg -- use only "modern" formats
  * symcryptrun -- use simple symmetric encryption tool in GnuPG framework
  * watchgnupg -- watch socket-based logs

gnupg-utils-dbgsym: debug symbols for gnupg-utils
gnupg2: GNU privacy guard - a free PGP replacement (dummy transitional package)

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This is a dummy transitional package that provides symlinks from gpg2
 to gpg.

gpg: GNU Privacy Guard -- minimalist public key operations

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains /usr/bin/gpg itself, and is useful on its own
 only for public key operations (encryption, signature verification,
 listing OpenPGP certificates, etc). If you want full capabilities
 (including secret key operations, network access, etc), please
 install the "gnupg" package, which pulls in the full suite of tools.

gpg-agent: GNU privacy guard - cryptographic agent

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains the agent program gpg-agent which handles all
 secret key material for OpenPGP and S/MIME use. The agent also
 provides a passphrase cache, which is used by pre-2.1 versions of
 GnuPG for OpenPGP operations. Without this package, trying to do
 secret-key operations with any part of the modern GnuPG suite will
 fail.

gpg-agent-dbgsym: debug symbols for gpg-agent
gpg-dbgsym: debug symbols for gpg
gpg-wks-client: GNU privacy guard - Web Key Service client

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package provides the GnuPG client for the Web Key Service
 protocol.
 .
 A Web Key Service is a service that allows users to upload keys per
 mail to be verified over https as described in
 https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
 .
 For more information see: https://wiki.gnupg.org/WKS

gpg-wks-client-dbgsym: debug symbols for gpg-wks-client
gpg-wks-server: GNU privacy guard - Web Key Service server

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package provides the GnuPG server for the Web Key Service
 protocol.
 .
 A Web Key Service is a service that allows users to upload keys per
 mail to be verified over https as described in
 https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
 .
 For more information see: https://wiki.gnupg.org/WKS

gpg-wks-server-dbgsym: debug symbols for gpg-wks-server
gpgconf: GNU privacy guard - core configuration utilities

 GnuPG is GNU's tool for secure communication and data storage.
 .
 This package contains core utilities used by different tools in the
 suite offered by GnuPG. It can be used to programmatically edit
 config files for tools in the GnuPG suite, to launch or terminate
 per-user daemons (if installed), etc.

gpgconf-dbgsym: debug symbols for gpgconf
gpgsm: GNU privacy guard - S/MIME version

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains the gpgsm program. gpgsm is a tool to provide
 digital encryption and signing services on X.509 certificates and the
 CMS protocol. gpgsm includes complete certificate management.

gpgsm-dbgsym: debug symbols for gpgsm
gpgv: GNU privacy guard - signature verification tool

 GnuPG is GNU's tool for secure communication and data storage.
 .
 gpgv is actually a stripped-down version of gpg which is only able
 to check signatures. It is somewhat smaller than the fully-blown gpg
 and uses a different (and simpler) way to check that the public keys
 used to make the signature are valid. There are no configuration
 files and only a few options are implemented.

gpgv-dbgsym: debug symbols for gpgv
gpgv-static: minimal signature verification tool (static build)

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This is GnuPG's signature verification tool, gpgv, built statically
 so that it can be directly used on any platform that is running on
 the Linux kernel. Android and ChromeOS are two well known examples,
 but there are many other platforms that this will work for, like
 embedded Linux OSes. This gpgv in combination with debootstrap and
 the Debian archive keyring allows the secure creation of chroot
 installs on these platforms by using the full Debian signature
 verification that is present in all official Debian mirrors.

gpgv-static-dbgsym: debug symbols for gpgv-static
gpgv-udeb: minimal signature verification tool

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC 4880.
 .
 This is GnuPG's signature verification tool, gpgv, packaged in minimal
 form for use in debian-installer.

gpgv-win32: GNU privacy guard - signature verification tool (win32 build)

 GnuPG is GNU's tool for secure communication and data storage.
 .
 gpgv is a stripped-down version of gnupg which is only able to check
 signatures. It is smaller than the full-blown gnupg and uses a
 different (and simpler) way to check that the public keys used to
 make the signature are trustworthy.
 .
 This is a win32 version of gpgv. It's meant to be used by the win32-loader
 component of Debian-Installer.

gpgv2: GNU privacy guard - signature verification tool (dummy transitional package)

 GnuPG is GNU's tool for secure communication and data storage. gpgv
 is a stripped-down version of gpg which is only able to check
 signatures.
 .
 This is a dummy transitional package that provides symlinks from gpgv2
 to gpgv.

scdaemon: GNU privacy guard - smart card support

 GnuPG is GNU's tool for secure communication and data storage.
 It can be used to encrypt data and to create digital signatures.
 It includes an advanced key management facility and is compliant
 with the proposed OpenPGP Internet standard as described in RFC4880.
 .
 This package contains the smart card program scdaemon, which is used
 by gpg-agent to access OpenPGP smart cards.

scdaemon-dbgsym: debug symbols for scdaemon