[ubuntu/precise-updates] gnupg 1.4.11-3ubuntu2.12 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon May 3 13:30:56 UTC 2021
gnupg (1.4.11-3ubuntu2.12) precise-security; urgency=medium
* SECURITY UPDATE: full RSA key recovery via side-channel attack
- debian/patches/CVE-2017-7526-part1.dpatch: simplify loop in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-part2.dpatch: use same computation for square
and multiply in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-part3.dpatch: fix allocation size for mpi_pow
- debian/patches/CVE-2017-7526-part4.dpatch: add exponent blinding in
cipher/rsa.c.
- debian/patches/CVE-2017-7526-part5.dpatch: allow different build directory
- debian/patches/CVE-2017-7526-part6.dpatch: Reduce secmem pressure in
cipher/rsa.c.
- CVE-2017-7526
gnupg (1.4.11-3ubuntu2.11) precise-security; urgency=medium
* SECURITY UPDATE: missing sanitization of verbose output
- debian/patches/CVE-2018-12020.dpatch: Sanitize diagnostic with
the original file name.
- CVE-2018-12020
Date: 2018-08-15 15:37:12.612502+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.12
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list