Monkeysphere

msva-perl 0.6 has been released. Notes from the changelog: * Add new element to JSON syntax allowing request to override keyserver_policy (closes MS #2542) * Do not kill off child handling processes on HUP -- let them finish their ... [More] queries. * Refactor logging code * If we have Gtk2, Linux::Inotify2, and AnyEvent, we should monitor for updates and prompt the user when we notice one. (closes MS #2540) * Added tests/basic, as a simple test of a few functions (closes MS #2537) * fixed double-prompting on sites that have more than one User ID (closes MS #2567) * report server implementation name and version with every query (closes MS #2564) * support x509pem, opensshpubkey, and rfc4716 PKC formats in addition to x509der (addresses MS #2566) * add new peer type categorization (closes MS #2568) -- peers of type client can have much more flexible names than regular hostnames we look for for servers. Download it now! [Less]

msva-perl 0.6 has been released. Notes from the changelog: * Add new element to JSON syntax allowing request to override keyserver_policy (closes MS #2542) * Do not kill off child handling processes on HUP -- let them finish their ... [More] queries. * Refactor logging code * If we have Gtk2, Linux::Inotify2, and AnyEvent, we should monitor for updates and prompt the user when we notice one. (closes MS #2540) * Added tests/basic, as a simple test of a few functions (closes MS #2537) * fixed double-prompting on sites that have more than one User ID (closes MS #2567) * report server implementation name and version with every query (closes MS #2564) * support x509pem, opensshpubkey, and rfc4716 PKC formats in addition to x509der (addresses MS #2566) * add new peer type categorization (closes MS #2568) -- peers of type client can have much more flexible names than regular hostnames we look for for servers. Download it now! [Less]

monkeysphere 0.35 has been released. Notes from the changelog: * Remove reference to USE_VALIDATION_AGENT. * Fix ssh_proxycommand for marginal hosts (closes MS #2593) * GnuPG should always behave as --fixed-list-mode (closes MS #2587) Download it now!

monkeysphere 0.35 has been released. Notes from the changelog: * Remove reference to USE_VALIDATION_AGENT. * Fix ssh_proxycommand for marginal hosts (closes MS #2593) * GnuPG should always behave as --fixed-list-mode (closes MS #2587) Download it now!

monkeysphere 0.35 has been released. Notes from the changelog: * Remove reference to USE_VALIDATION_AGENT. * Fix ssh_proxycommand for marginal hosts (closes MS #2593) * GnuPG should always behave as --fixed-list-mode (closes MS #2587) Download it now!

It was recently pointed out that the version 0.5 of the perl implementation of the monkeysphere validation agent depend on more recent versions of GnuPG::Interface than can be found in ubuntu, or in the stable, testing, or unstable debian ... [More] repositories. The needed version of GnuPG::Interface is currently only available in package form from debian's experimental repository. msva-perl 0.5 is experimental as well, due to this dependency. So we're now shipping the needed version of GnuPG::Interface in the Monkeysphere APT repository. [Less]

It was recently pointed out that the version 0.5 of the perl implementation of the monkeysphere validation agent depend on more recent versions of GnuPG::Interface than can be found in ubuntu, or in the stable, testing, or unstable debian ... [More] repositories. The needed version of GnuPG::Interface is currently only available in package form from debian's experimental repository. msva-perl 0.5 is experimental as well, due to this dependency. So we're now shipping the needed version of GnuPG::Interface in the Monkeysphere APT repository. [Less]

It was recently pointed out that the version 0.5 of the perl implementation of the monkeysphere validation agent depend on more recent versions of GnuPG::Interface than can be found in ubuntu, or in the stable, testing, or unstable debian ... [More] repositories. The needed version of GnuPG::Interface is currently only available in package form from debian's experimental repository. msva-perl 0.5 is experimental as well, due to this dependency. So we're now shipping the needed version of GnuPG::Interface in the Monkeysphere APT repository. [Less]

Monkeysphere version 0.31 introduced a vulnerability which could allow an arbitrary code execution attack as the 'monkeysphere' system account, if the superuser were to run the command "monkeysphere-authentication keys-for-user". Depending on the ... [More] configuration of the host, access to this system account can potentially grant access to other accounts. The problem also existed in version 0.32 but was resolved in version 0.33. Versions prior to 0.31 were not affected. If you are running one of the versions with this issue, it is highly recommended that you update as soon as possible. A CVE reference identifier was released for this issue: CVE-2010-4096 For more information, please see the mailing list post about the issue [Less]

Monkeysphere version 0.31 introduced a vulnerability which could allow an arbitrary code execution attack as the 'monkeysphere' system account, if the superuser were to run the command "monkeysphere-authentication keys-for-user". Depending on the ... [More] configuration of the host, access to this system account can potentially grant access to other accounts. The problem also existed in version 0.32 but was resolved in version 0.33. Versions prior to 0.31 were not affected. If you are running one of the versions with this issue, it is highly recommended that you update as soon as possible. A CVE reference identifier was released for this issue: CVE-2010-4096 For more information, please see the mailing list post about the issue [Less]