aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/gnupg/Makefile2
-rw-r--r--security/gnupg/distinfo12
-rw-r--r--security/gnupg1/Makefile2
-rw-r--r--security/gnupg1/distinfo12
-rw-r--r--security/vuxml/vuln.xml34
5 files changed, 48 insertions, 14 deletions
diff --git a/security/gnupg/Makefile b/security/gnupg/Makefile
index 6636891f6d43..78f231fc67dc 100644
--- a/security/gnupg/Makefile
+++ b/security/gnupg/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= gnupg
-PORTVERSION= 1.4.2.1
+PORTVERSION= 1.4.2.2
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GNUPG}
MASTER_SITE_SUBDIR= gnupg
diff --git a/security/gnupg/distinfo b/security/gnupg/distinfo
index 8ae5a4906e1b..746bcd2f6ed7 100644
--- a/security/gnupg/distinfo
+++ b/security/gnupg/distinfo
@@ -1,6 +1,6 @@
-MD5 (gnupg-1.4.2.1.tar.bz2) = 2d59ed50d92f69994dbfbe00fe1612e4
-SHA256 (gnupg-1.4.2.1.tar.bz2) = df58e9970727306e28dbe3fcadf6cbff1b00abbee3d9c4ac41e2ed4a0a6353b4
-SIZE (gnupg-1.4.2.1.tar.bz2) = 3030527
-MD5 (gnupg-1.4.2.1.tar.bz2.sig) = 3a61a48a0066f2b72009a0f8ef08f5fc
-SHA256 (gnupg-1.4.2.1.tar.bz2.sig) = 9335f522cf9a07a1d1ea330b1db64ff9e8cf5bc5114fe355bb10ca24ee584865
-SIZE (gnupg-1.4.2.1.tar.bz2.sig) = 158
+MD5 (gnupg-1.4.2.2.tar.bz2) = c34736eb7cb687f9e5b6d4df48aaf7c8
+SHA256 (gnupg-1.4.2.2.tar.bz2) = 174e7f78c670d76984c4c4bd6077a0b9fec7b4be700b9f3e40c6889b78110c57
+SIZE (gnupg-1.4.2.2.tar.bz2) = 3034652
+MD5 (gnupg-1.4.2.2.tar.bz2.sig) = 6065155c588b50af0b13d616944a6bb3
+SHA256 (gnupg-1.4.2.2.tar.bz2.sig) = eb4e7c829c07f51feef32a8c065d20877a8f644fb08fce93ffbf103265c6af1f
+SIZE (gnupg-1.4.2.2.tar.bz2.sig) = 158
diff --git a/security/gnupg1/Makefile b/security/gnupg1/Makefile
index 6636891f6d43..78f231fc67dc 100644
--- a/security/gnupg1/Makefile
+++ b/security/gnupg1/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= gnupg
-PORTVERSION= 1.4.2.1
+PORTVERSION= 1.4.2.2
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GNUPG}
MASTER_SITE_SUBDIR= gnupg
diff --git a/security/gnupg1/distinfo b/security/gnupg1/distinfo
index 8ae5a4906e1b..746bcd2f6ed7 100644
--- a/security/gnupg1/distinfo
+++ b/security/gnupg1/distinfo
@@ -1,6 +1,6 @@
-MD5 (gnupg-1.4.2.1.tar.bz2) = 2d59ed50d92f69994dbfbe00fe1612e4
-SHA256 (gnupg-1.4.2.1.tar.bz2) = df58e9970727306e28dbe3fcadf6cbff1b00abbee3d9c4ac41e2ed4a0a6353b4
-SIZE (gnupg-1.4.2.1.tar.bz2) = 3030527
-MD5 (gnupg-1.4.2.1.tar.bz2.sig) = 3a61a48a0066f2b72009a0f8ef08f5fc
-SHA256 (gnupg-1.4.2.1.tar.bz2.sig) = 9335f522cf9a07a1d1ea330b1db64ff9e8cf5bc5114fe355bb10ca24ee584865
-SIZE (gnupg-1.4.2.1.tar.bz2.sig) = 158
+MD5 (gnupg-1.4.2.2.tar.bz2) = c34736eb7cb687f9e5b6d4df48aaf7c8
+SHA256 (gnupg-1.4.2.2.tar.bz2) = 174e7f78c670d76984c4c4bd6077a0b9fec7b4be700b9f3e40c6889b78110c57
+SIZE (gnupg-1.4.2.2.tar.bz2) = 3034652
+MD5 (gnupg-1.4.2.2.tar.bz2.sig) = 6065155c588b50af0b13d616944a6bb3
+SHA256 (gnupg-1.4.2.2.tar.bz2.sig) = eb4e7c829c07f51feef32a8c065d20877a8f644fb08fce93ffbf103265c6af1f
+SIZE (gnupg-1.4.2.2.tar.bz2.sig) = 158
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 35b14709fc8a..da3255f5f47f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,40 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="948921ad-afbc-11da-bad9-02e081235dab">
+ <topic>GnuPG does not detect injection of unsigned data</topic>
+ <affects>
+ <package>
+ <name>gnupg</name>
+ <range>
+ <lt>1.4.2.2</lt>
+ </range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Werner Koch reports:</p>
+ <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html">
+ <p>In the aftermath of the false positive signature verfication bug
+ (announced 2006-02-15) more thorough testing of the fix has been
+ done and another vulnerability has been detected.
+
+ This new problem affects the use of *gpg* for verification of
+ signatures which are _not_ detached signatures. The problem also
+ affects verification of signatures embedded in encrypted messages;
+ i.e. standard use of gpg for mails.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2006-0049</cvename>
+ <mlist msgid="87d5gvh2kr.fsf@wheatstone.g10code.de">http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html</mlist>
+ </references>
+ <dates>
+ <discovery>2006-03-09</discovery>
+ <entry>2006-03-10</entry>
+ </dates>
+ </vuln>
<vuln vid="104beb63-af4d-11da-8414-0013d4a4a40e">
<topic>mplayer -- heap overflow in the ASF demuxer</topic>
<affects>
generated by cgit (git 2.34.1) at 2025-01-07 05:35:21 +0800