Mar 2 2023
(my example cert is 0x09BB0EEE)
Dec 22 2022
This bug is CVE-2022-47629
Dec 20 2022
Dec 14 2022
Dec 6 2022
I guess we can close this one.
Nov 23 2022
Here is the patch which will go into the next release
From f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 Mon Sep 17 00:00:00 2001 From: Werner Koch <wk@gnupg.org> Date: Tue, 22 Nov 2022 16:36:46 +0100 Subject: [PATCH] Fix an integer overflow in the CRL signature parser.
Nov 22 2022
Oct 18 2022
Oct 17 2022
Fixed Gpg4win version: https://lists.wald.intevation.org/pipermail/gpg4win-announce/2022/000098.html
As usual see https://gnupg.org/download for links to the latest packages. For Gpg4win see https://gpg4win.org
Oct 11 2022
Fixed in 1.6.1.
Fixed in 1.6.1.
Oct 7 2022
Sep 22 2022
Sep 18 2022
Looks like libksba 1.6.1 is available for download at: https://gnupg.org/download/ , however tag is missing at: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=summary
Sep 16 2022
Jul 29 2022
Jul 22 2022
@gniibe Thanks!
In the repo, for all related software, it's done.
Note that versions since 2020-11-07 to 2021-07-03 have major problem with non-POSIX shell, which doesn't support $(..) construct.
Jul 18 2022
Thank you.
May 27 2022
May 16 2022
May 13 2022
Mar 25 2022
Mar 22 2022
Thank you. Confirmed and applied.
Dec 8 2021
Nov 10 2021
Also applied to gpgme.
Since there is no problem with libgpg-error 1.43, I applied it to other libraries: npth, libassuan, libksba, and ntbtls.
Nov 3 2021
Oct 13 2021
Oct 12 2021
Bison used to be the de-facto standard yacc ;-)
I think that a simple way is defining a table (string -> token) by ourselves in yylex, not enabling %token-table.
(Then, we don't need to depend on the feature of string with %token, which is not supported by POSIX yacc.)