[18239] in bugtraq
Trustix Security Advisory - gnupg, ftpd-BSD
daemon@ATHENA.MIT.EDU (Trustix Secure Linux Team)
Wed Dec 20 17:43:23 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id: <03bsu742s6.fsf@colargol.tihlde.hist.no>
Date: Wed, 20 Dec 2000 14:53:45 +0100
Reply-To: Trustix Secure Linux Team <tsl@TRUSTIX.COM>
From: Trustix Secure Linux Team <tsl@TRUSTIX.COM>
X-To: tsl-announce@trustix.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hi
Today we updated gnupg and ftpd-BSD. All versions of Trustix Secure
Linux are affected.
gnupg:
This update stops gnupg from importing private keys unless this has been
explicitly enabled, as this will corrupt the users web of trust. It
also clears up the problem with gnupg ignoring detached signatures if
the file being checked contains clearsigned data.
ftpd-BSD:
This contains a revised version of the replydirname() patch, as the
first version we released contained a typo making the ftpd behave
erratically. Thanks to Janeke Rvnnblom for pointing this out.
MD5sums:
For version 1.2:
0f8d2d383aa63a187611f24610f6737b RPMS/gnupg-1.0.4-4tr.i586.rpm
d20c0dd62b2562ab6b95c7f3bf06f7aa SRPMS/gnupg-1.0.4-4tr.src.rpm
f3c02c5cddde1fbf5c9abb5238b15d5e RPMS/ftpd-BSD-0.3.2-5tr.i586.rpm
33c71e68126a9b0aa0a333fa76d1e30c SRPMS/ftpd-BSD-0.3.2-5tr.src.rpm
For version 1.1 and 1.0x:
4f8e7a238f268eb36ef535f7280b49bb RPMS/gnupg-1.0.4-4tr.i586.rpm
cda6ef46d7a7a54d301ebbeb47abef95 SRPMS/gnupg-1.0.4-4tr.src.rpm
55123bc226b8a22ebae6c82782c5a2cb RPMS/ftpd-BSD-0.3.2-5tr.i586.rpm
c8df7b5a9e6326dbc85853f80f3cf172 SRPMS/ftpd-BSD-0.3.2-5tr.src.rpm
Get the updates here:
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/
Users of 1.0x should as always use the update for 1.1.
Questions? Problems? Try our mailinglists:
<URL:http://www.trustix.net/support/>
--
Trustix Security Maintainance Agency
