[ubuntu/precise-updates] libgcrypt11 1.5.0-3ubuntu0.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Aug 1 01:28:22 UTC 2013


libgcrypt11 (1.5.0-3ubuntu0.2) precise-security; urgency=low

  * SECURITY UPDATE: The path of execution in an exponentiation function may
    depend upon secret key data, allowing a local attacker to determine the
    contents of the secret key through a side-channel attack.
    - debian/patches/CVE-2013-4242.diff: always perform the mpi_mul for
      exponents in secure memory. Based on upstream patch.
    - CVE-2013-4242

Date: 2013-07-31 02:22:13.142441+00:00
Changed-By: Seth Arnold <seth.arnold at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/precise/+source/libgcrypt11/1.5.0-3ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list