Date: Fri, 10 Nov 2000 17:53:26 -0800
From: debian-security-announce@LISTS.DEBIAN.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [SECURITY] New version of gnupg installed
Debian Security Advisory security@debian.org
http://www.debian.org/security/ Wichert Akkerman
November 11, 2000
Package: gnupg
Debian-specific: no
The version of gnupg that was distributed in Debian GNU/Linux
2.2 had a logic error in the code that checks for valid signatures
which could cause false positive results: Jim Small discovered that
if the input contained multiple signed sections the exit-code gnupg
returned was only valid for the last section, so improperly signed
other sections were not noticed.
This has been fixed in version 1.0.4-1 and we recommend that you
upgrade your gnupg package to that version. Please note that this
version of gnupg includes the RSA code directly instead of relying
on the gpg-rsa package. This means that the “load-extension rsa”
command in ~/.gnupg/options is no longer needed and must be
removed: gnupg will not work correctly if it tries to load an
extension that is not present.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
Potato was released for the alpha, arm, i386, m68k, powerpc and
sparc architectures.
Source archives:
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4-1.diff.gz
MD5 checksum: bedf28e6875df5f632cbf1f210a653a4
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4-1.dsc
MD5 checksum: 9d61f9b13287acb6b0dcf14cc80f8c64
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.4.orig.tar.gz
MD5 checksum: bef2267bfe9b74a00906a78db34437f9
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/gnupg_1.0.4-1_alpha.deb
MD5 checksum: f572217d63102a55a9e4704aed9b1c9d
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/gnupg_1.0.4-1_arm.deb
MD5 checksum: eb43fb088b488002fa4c06c0d8d69eb2
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/gnupg_1.0.4-1_i386.deb
MD5 checksum: ef2ed6b922db2ed215f2fb857db80730
Motorola 680×0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/gnupg_1.0.4-1_m68k.deb
MD5 checksum: 607202c40ec908fa2ab10b20a1235ff2
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gnupg_1.0.4-1_powerpc.deb
MD5 checksum: ade5f42869502dfb128bd2b6279ab111
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/gnupg_1.0.4-1_sparc.deb
MD5 checksum: 37a850c6363498f90d3f719ada8d71db
For not yet released architectures please refer to the
appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/
.
apt-get: deb http://security.debian.org/
stable/updates main
dpkg-ftp:ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.