Release Notes: A serious and exploitable bug in processing encrypted packages, as reported in CVE-2006-6235, was fixed. A vulnerability when using GnuPG in streaming mode, which made it possible to insert additional text before or after a signed message if GnuPG was not used correctly, was fixed. A PIN pad can now also be used for the signing key. The PIN pad of the Cherry XX44 keyboard is now supported.
Release Notes: A serious and exploitable bug in processing encrypted packages, as reported in CVE-2006-6235, was fixed. A buffer overflow as reported in CVE-2006-6169 was fixed. A bug while decrypting certain compressed and encrypted messages was fixed. The option --s2k-count was added to set the number of times passphrase mangling is repeated. The option --passphrase-repeat was added to set the number of times to prompt for a new passphrase to be repeated. The license was adjusted with regards to helper programs indirectly linked to OpenSSL.
Release Notes: Two more possible memory allocation attacks, allowing denial of service attacks and possibly remote code execution, were fixed. More DSA2 tweaks were implemented. A Norwegian translation was added.
No changes have been submitted for this release.