ANN: A new version (0.4.3) of python-gnupg has been released. It contains a security-related change - please update to this version

Vinay Sajip

Jun 13, 2018, 2:16:50 PM
to python-gnupg
A new version of the Python module which wraps GnuPG has been released.

What Changed?
This is a security-fix release, and all users are strongly encouraged to upgrade.
This fix mitigates against CVE-2018-12020. See the discoverer's blog post [6] for
more information.

Brief summary:

* Added --no-verbose to the gpg command line, in case verbose is specified in
  gpg.conf - we don't need verbose output.

This release [2] has been signed with my code signing key:

Vinay Sajip (CODE SIGNING KEY) <vinay_sajip at>
Fingerprint: CA74 9061 914E AC13 8E66 EADB 9147 B477 339A 9B86

Recent changes to PyPI don't show the GPG signature with the download links.
An alternative download source where the signatures are available is the project's
own downloads page [5].

As always, your feedback is most welcome (especially bug reports [3],
patches and suggestions for improvement, or any other points via the
mailing list/discussion group [4]).



Vinay Sajip
Red Dove Consultants Ltd.
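
A check a deployment owner could run alongside this upgrade, as an added example that is not part of the announcement or of python-gnupg itself: it reports whether a `gpg.conf` leaves verbose output switched on and whether the installed wrapper is older than 0.4.3, the release that passes `--no-verbose`. The function names and the sample configuration are constructed for illustration; the parser assumes the documented `gpg.conf` syntax (long option names without leading dashes, `#` comments, `no-verbose` resetting the level). The wrapper version is passed in as a string, for instance the value of `gnupg.__version__`.

```python
import re

FIXED_VERSION = (0, 4, 3)  # release named in the announcement

# Constructed sample gpg.conf, not taken from any real system.
SAMPLE_CONF = """\
# constructed sample
keyid-format long
verbose
"""

def verbose_level(conf_text):
    """Verbosity gpg ends up with after reading the options in order."""
    level = 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        option = line.split()[0]
        if option == "verbose":
            level += 1  # each occurrence raises the level
        elif option == "no-verbose":
            level = 0   # resets anything set earlier in the file
    return level

def version_tuple(version):
    """Leading numeric components of a version string, e.g. '0.4.3' -> (0, 4, 3)."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def audit(conf_text, wrapper_version):
    """Summarise whether gpg.conf verbosity is still in effect under the wrapper."""
    level = verbose_level(conf_text)
    patched = version_tuple(wrapper_version) >= FIXED_VERSION
    return {
        "verbose_level": level,
        "upgrade_needed": not patched,
        # Before 0.4.3 nothing on the command line overrides gpg.conf.
        "verbose_reaches_gpg": level > 0 and not patched,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "0.4.2"))
```
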
