Page MenuHome GnuPG
Feed Advanced Search

Apr 23 2023

hanno created T6466: gpgme python example code contains insecure code pattern / chmod permission race condition.
Apr 23 2023, 5:33 PM · Python, Documentation, gpgme

Jan 29 2021

hanno added a comment to T5279: Buffer Overread in selftest_pbkdf2() in kdf.c/libgcrypt.

Yeah looks like a duplicate. You may rename the bug to "Please implement some basic safety checks in a CI".

Jan 29 2021, 2:15 PM · Duplicate, Bug Report
hanno created T5280: gnupg.org webpage advertises the use of insecure git:// protocol at various places in the S1 Public space.
Jan 29 2021, 1:38 PM · gpgweb
hanno created T5279: Buffer Overread in selftest_pbkdf2() in kdf.c/libgcrypt.
Jan 29 2021, 1:35 PM · Duplicate, Bug Report

Feb 15 2018

hanno added a comment to T1977: abort in gpgparsemail.

FYI this is still unfixed.
I think it'd be valuable to run another round of fuzzing tests, but this should be fixed before, otherwise it'll just be hit all the time and may hide other bugs.

Feb 15 2018, 3:16 PM · Bug Report

Jan 9 2017

hanno set Version to 2.1.17 on T2917: --locate-key should re-fetch key via WKD if it is expired.
Jan 9 2017, 3:48 PM · gnupg (gpg22), Bug Report
hanno added projects to T2917: --locate-key should re-fetch key via WKD if it is expired: gnupg, Bug Report.
Jan 9 2017, 3:48 PM · gnupg (gpg22), Bug Report
hanno added a comment to T2917: --locate-key should re-fetch key via WKD if it is expired.

Jan 9 2017, 3:48 PM · gnupg (gpg22), Bug Report

Oct 16 2016

hanno reopened T2694: insecure links on gnupg webpage (gnupg.org) that could be https as "Open".
Oct 16 2016, 2:33 PM · In Progress, Feature Request
hanno added a project to T2694: insecure links on gnupg webpage (gnupg.org) that could be https: In Progress.
Oct 16 2016, 2:33 PM · In Progress, Feature Request
hanno added a comment to T2694: insecure links on gnupg webpage (gnupg.org) that could be https.

It seems you missed the creative commons links (on all pages).

Also some more:

  • Download page contains links to gpg4win, gpgotools (mac) and rpmfind which

are all available over https.

  • documentation page contains another http twitter link.

(Hint: The moartls browser addon for chrome and firefox is extremely useful to
do this)

Oct 16 2016, 2:33 PM · In Progress, Feature Request
hanno reopened T2744: Lack of HTTPS issues on git.gnupg.org as "Open".
Oct 16 2016, 2:27 PM · gpgweb, Bug Report
hanno added a comment to T2744: Lack of HTTPS issues on git.gnupg.org.

There are two http links left on the page. One (drm.info) is unfortunately
unavailable over https. The other (openit.de) seems to no longer exist, as the
company has merged with another one and is only a forward to plusserver. Probably
that simply should be changed to https://www.plusserver.com/ (and maybe the logo
as well).

Oct 16 2016, 2:27 PM · gpgweb, Bug Report

Oct 9 2016

hanno added a project to T2744: Lack of HTTPS issues on git.gnupg.org: Bug Report.
Oct 9 2016, 2:50 PM · gpgweb, Bug Report

Sep 20 2016

hanno added a project to T2694: insecure links on gnupg webpage (gnupg.org) that could be https: Feature Request.
Sep 20 2016, 12:05 PM · In Progress, Feature Request

Jul 18 2016

hanno added a comment to T2419: gpg --list-packets hangs on file containing single zero byte.

Jul 18 2016, 8:41 PM · gnupg, Bug Report
hanno set Version to 2.1.14 on T2419: gpg --list-packets hangs on file containing single zero byte.
Jul 18 2016, 8:41 PM · gnupg, Bug Report
hanno added a project to T2419: gpg --list-packets hangs on file containing single zero byte: Bug Report.
Jul 18 2016, 8:41 PM · gnupg, Bug Report

May 13 2015

hanno added a comment to T1977: abort in gpgparsemail.

May 13 2015, 11:00 AM · Bug Report
hanno set Version to 2.1.4 on T1977: abort in gpgparsemail.
May 13 2015, 11:00 AM · Bug Report
hanno added a project to T1977: abort in gpgparsemail: Bug Report.
May 13 2015, 11:00 AM · Bug Report

Apr 11 2015

hanno added a project to T1949: git head compilation without ldap fails: Bug Report.
Apr 11 2015, 12:52 PM · dirmngr, Bug Report