gpg

Security update for gpg

Security update for gpg

When printing a text stream with a GPG signature it was possible for an attacker to create a stream with "unsigned text, signed text" where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This is tracked by the Mitre CVE ID CVE-2007-1263. The update introduces a new option --allow-multiple-messages to print out such messages in the future, by default it only prints and handles the first one. When printing a text stream with a GPG signature it was possible for an attacker to create a stream with "unsigned text, signed text" where both unsigned and signed text would be shown without distinction which one was signed and which part wasn't. This is tracked by the Mitre CVE ID CVE-2007-1263. The update introduces a new option --allow-multiple-messages to print out such messages in the future, by default it only prints and handles the first one. security gpg i586 2234f523662c0aeda2ff5a4f07b8cc6a18202b88