Vulnerability in libgcrypt
I'm no expert, just a happy user of the tools.
I saw this vulnerability notification in libgcrypt passing by:
CVE-2017-7526 : Information Disclosure Vulnerability
And I now wonder: are us, users of gpgtools at risk? Do we need to update? I notice the version of libgcrypt that ships with latest gpgtools beta is libgcrypt 1.6.6.
Thanks for any advise you can give.
Comments are currently closed for this discussion. You can start a new one.
|?||Show this help|
|ESC||Blurs the current field|
|r||Focus the comment reply box|
|^ + ↩||Submit the comment|
You can use
Command ⌘ instead of
Control ^ on Mac
Support Staff 1 Posted by Steve on 05 Jul, 2017 10:06 AM
welcome to the GPGTools support platform.
This has been fixed in the nightly build. The fix will be included in the upcoming beta release.
Could you please download and install our latest GPG Suite nightly build and see if the problem persists. That page also has sig and SHA256 to verify the download.
All the best,
Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.
2 Posted by lieven on 08 Jul, 2017 08:39 AM
thanks for the fast feedback, I'll update to the latest nightly.
Have a nice day,
Steve closed this discussion on 18 Aug, 2017 11:09 AM.