[ubuntu/precise-updates] gnupg 1.4.11-3ubuntu2.12 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon May 3 13:30:56 UTC 2021


gnupg (1.4.11-3ubuntu2.12) precise-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-part1.dpatch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part2.dpatch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part3.dpatch: fix allocation size for mpi_pow
    - debian/patches/CVE-2017-7526-part4.dpatch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-part5.dpatch: allow different build directory
    - debian/patches/CVE-2017-7526-part6.dpatch: Reduce secmem pressure in
      cipher/rsa.c.
    - CVE-2017-7526

gnupg (1.4.11-3ubuntu2.11) precise-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.dpatch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

Date: 2018-08-15 15:37:12.612502+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.12
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list