Thu, Nov 16
Nov 10 2023
Oct 18 2023
Oct 13 2023
And yes in gpgsm.conf both the extensions are also marked with ignore-cert-extension.
While remembering this I added to our standard.conf (and for testing first to my local conf):
Jun 22 2023
We had one request to support this back in 2017 but it was closed because the respective CA stopped using this extension. See T2039.
Jun 19 2023
rGb1ecc8353ae3 is just what I meant, so that we can recommend such an option in the future as a workaround until a new update becomes available which supports such an extension.
Nah, the description for that extension is pretty strict and I won't feel comfortable to just ignore it. BTW there is also T6398 (nameConstraints) which needs support. But for debugging a ignore extension makes sense.
For support reasons I would say that it might make sense to also ignore the extensions from "ignore-cert-extension" when checking CRLs?
Mar 2 2023
(my example cert is 0x09BB0EEE)
Dec 22 2022
This bug is CVE-2022-47629
Dec 20 2022
Dec 14 2022
Dec 6 2022
I guess we can close this one.
Nov 23 2022
Here is the patch which will go into the next release
From f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 Mon Sep 17 00:00:00 2001 From: Werner Koch <wk@gnupg.org> Date: Tue, 22 Nov 2022 16:36:46 +0100 Subject: [PATCH] Fix an integer overflow in the CRL signature parser.
Nov 22 2022
Oct 18 2022
Oct 17 2022
Fixed Gpg4win version: https://lists.wald.intevation.org/pipermail/gpg4win-announce/2022/000098.html
As usual see https://gnupg.org/download for links to the latest packages. For Gpg4win see https://gpg4win.org
Oct 11 2022
Fixed in 1.6.1.
Fixed in 1.6.1.
Oct 7 2022
Sep 22 2022
Sep 18 2022
Looks like libksba 1.6.1 is available for download at: https://gnupg.org/download/ , however tag is missing at: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=summary
Sep 16 2022
Jul 29 2022
Jul 22 2022
@gniibe Thanks!
In the repo, for all related software, it's done.