Vulnerability in libgcrypt

lieven's Avatar

lieven

04 Jul, 2017 03:28 PM

Hello,

I'm no expert, just a happy user of the tools.

I saw this vulnerability notification in libgcrypt passing by:

CVE-2017-7526 : Information Disclosure Vulnerability

And I now wonder: are us, users of gpgtools at risk? Do we need to update? I notice the version of libgcrypt that ships with latest gpgtools beta is libgcrypt 1.6.6.

Thanks for any advise you can give.

Lieven.

  1. Support Staff 1 Posted by Steve on 05 Jul, 2017 10:06 AM

    Steve's Avatar

    Hi Lieven,

    welcome to the GPGTools support platform.

    This has been fixed in the nightly build. The fix will be included in the upcoming beta release.

    Could you please download and install our latest GPG Suite nightly build and see if the problem persists. That page also has sig and SHA256 to verify the download.

    All the best,
    steve

    Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.

  2. 2 Posted by lieven on 08 Jul, 2017 08:39 AM

    lieven's Avatar

    Hello Steven,

    thanks for the fast feedback, I'll update to the latest nightly.

    Have a nice day,
    Lieven.

  3. Steve closed this discussion on 18 Aug, 2017 11:09 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac