5881633 2000-12-20 14:53 +0100  /46 rader/ Trustix Secure Linux Team <tsl@TRUSTIX.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2000-12-21  00:42  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: tsl@TRUSTIX.COM
Mottagare: Bugtraq (import) <14396>
Ärende: Trustix Security Advisory - gnupg, ftpd-BSD
------------------------------------------------------------
From: Trustix Secure Linux Team <tsl@TRUSTIX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <03bsu742s6.fsf@colargol.tihlde.hist.no>

Hi

Today we updated gnupg and ftpd-BSD.  All versions of Trustix Secure
Linux are affected.

gnupg: This update stops gnupg from importing private keys unless
this has been explicitly enabled, as this will corrupt the users web
of trust.  It also clears up the problem with gnupg ignoring detached
signatures if the file being checked contains clearsigned data.

ftpd-BSD:
This contains a revised version of the replydirname() patch, as the
first version we released contained a typo making the ftpd behave
erratically.  Thanks to Janåke Rönnblom for pointing this out.

MD5sums:
For version 1.2:
0f8d2d383aa63a187611f24610f6737b  RPMS/gnupg-1.0.4-4tr.i586.rpm
d20c0dd62b2562ab6b95c7f3bf06f7aa  SRPMS/gnupg-1.0.4-4tr.src.rpm
f3c02c5cddde1fbf5c9abb5238b15d5e  RPMS/ftpd-BSD-0.3.2-5tr.i586.rpm
33c71e68126a9b0aa0a333fa76d1e30c  SRPMS/ftpd-BSD-0.3.2-5tr.src.rpm

For version 1.1 and 1.0x:
4f8e7a238f268eb36ef535f7280b49bb  RPMS/gnupg-1.0.4-4tr.i586.rpm
cda6ef46d7a7a54d301ebbeb47abef95  SRPMS/gnupg-1.0.4-4tr.src.rpm
55123bc226b8a22ebae6c82782c5a2cb  RPMS/ftpd-BSD-0.3.2-5tr.i586.rpm
c8df7b5a9e6326dbc85853f80f3cf172  SRPMS/ftpd-BSD-0.3.2-5tr.src.rpm

Get the updates here:
http://www.trustix.net/pub/Trustix/updates/
ftp://ftp.trustix.net/pub/Trustix/updates/

Users of 1.0x should as always use the update for 1.1.

Questions?  Problems?  Try our mailinglists:
<URL:http://www.trustix.net/support/>

--
Trustix Security Maintainance Agency
(5881633) --------------------------------(Ombruten)