This project is archived. Its data is read-only.

Commit b17e5352 authored Feb 27, 2015 by Baruch Siach Committed by Peter Korsgaard Feb 27, 2015

gnupg2: security bump to version 2.0.27



Fixes:

CVE-2015-1606: Use after free, resulting from failure to skip invalid packets

CVE-2015-1607: memcpy with overlapping ranges, resulting from incorrect
bitwise left shifts

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 10900c07

package/gnupg2/gnupg2.hash

+2 −2

Original line number	Diff line number	Diff line
		# Locally calculated after checking pgp signature
		sha256 7758e30dc382ae7a7167ed41b7f936aa50af5ea2d6fccdef663b5b750b65b8e0 gnupg-2.0.26.tar.bz2
		# From http://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000362.html
		sha1 d065be185f5bac8ea07b210ab7756e79b83b63d4 gnupg-2.0.27.tar.bz2

package/gnupg2/gnupg2.mk

+1 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,7 @@
		#
		################################################################################

		GNUPG2_VERSION = 2.0.26
		GNUPG2_VERSION = 2.0.27
		GNUPG2_SOURCE = gnupg-$(GNUPG2_VERSION).tar.bz2
		GNUPG2_SITE = ftp://ftp.gnupg.org/gcrypt/gnupg
		GNUPG2_LICENSE = GPLv3+