gnupg 1.4.6 in hardy heron fails to verify some files signed by gnupg 1.4.9
Bug #258008 reported by
Ethan Blanton
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gnupg (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Ubuntu 8.04.1
gnupg 1.4.6-2ubuntu5
The gnupg 1.4.6 shipping with Hardy Heron fails to verify some files which are signed by newer versions of gnupg. I unfortunately cannot (at this time) provide public examples of such files.
Stock gnupg 1.4.6 exhibits the same problem; stock 1.4.9 compiled for the system works properly. The problem seems to be in older versions of gnupg itself, not Ubuntu, though neither the gnupg ChangeLog nor NEWS specifically mention any fixes for such failures post-1.4.6.
I am not marking this bug as a security vulnerability, although it certainly has security implications in some situations.
Revision history for this message
| Ethan Blanton (eblanton) wrote | #1 |
To post a comment you must log in.
This bug can be closed. As far as I know it is still valid, but as it was not addressed in a timely fashion it is no longer relevant.