Vulnerability in libgcrypt
Hello,
I'm no expert, just a happy user of the tools.
I saw this vulnerability notification in libgcrypt passing by:
CVE-2017-7526 : Information Disclosure Vulnerability
And I now wonder: are us, users of gpgtools at risk? Do we need to update? I notice the version of libgcrypt that ships with latest gpgtools beta is libgcrypt 1.6.6.
Thanks for any advise you can give.
Lieven.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 05 Jul, 2017 10:06 AM
Hi Lieven,
welcome to the GPGTools support platform.
This has been fixed in the nightly build. The fix will be included in the upcoming beta release.
Could you please download and install our latest GPG Suite nightly build and see if the problem persists. That page also has sig and SHA256 to verify the download.
All the best,
steve
Disclaimer: This is a development version which has not been thoroughly tested yet - bugs or crashes are to be expected. Thanks for helping us test.
2 Posted by lieven on 08 Jul, 2017 08:39 AM
Hello Steven,
thanks for the fast feedback, I'll update to the latest nightly.
Have a nice day,
Lieven.
Steve closed this discussion on 18 Aug, 2017 11:09 AM.