[ubuntu/saucy-proposed] libgcrypt11 1.5.0-3ubuntu3 (Accepted)

Seth Arnold seth.arnold at canonical.com
Tue Aug 13 15:14:16 UTC 2013


libgcrypt11 (1.5.0-3ubuntu3) saucy; urgency=low

  * SECURITY UPDATE: The path of execution in an exponentiation function may
    depend upon secret key data, allowing a local attacker to determine the
    contents of the secret key through a side-channel attack.
    - debian/patches/CVE-2013-4242.diff: always perform the mpi_mul for
      exponents in secure memory. Based on upstream patch.
    - CVE-2013-4242

Date: Tue, 13 Aug 2013 08:56:30 -0400
Changed-By: Seth Arnold <seth.arnold at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/saucy/+source/libgcrypt11/1.5.0-3ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Aug 2013 08:56:30 -0400
Source: libgcrypt11
Binary: libgcrypt11-doc libgcrypt11-dev libgcrypt11-dbg libgcrypt11 libgcrypt11-udeb
Architecture: source
Version: 1.5.0-3ubuntu3
Distribution: saucy
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Seth Arnold <seth.arnold at canonical.com>
Description: 
 libgcrypt11 - LGPL Crypto library - runtime library
 libgcrypt11-dbg - LGPL Crypto library - debugger files
 libgcrypt11-dev - LGPL Crypto library - development files
 libgcrypt11-doc - LGPL Crypto library - documentation
 libgcrypt11-udeb - LGPL Crypto library - runtime library (udeb)
Changes: 
 libgcrypt11 (1.5.0-3ubuntu3) saucy; urgency=low
 .
   * SECURITY UPDATE: The path of execution in an exponentiation function may
     depend upon secret key data, allowing a local attacker to determine the
     contents of the secret key through a side-channel attack.
     - debian/patches/CVE-2013-4242.diff: always perform the mpi_mul for
       exponents in secure memory. Based on upstream patch.
     - CVE-2013-4242
Checksums-Sha1: 
 be51b435c73e19d69893d771200154f3de889c2a 2570 libgcrypt11_1.5.0-3ubuntu3.dsc
 975f926a70654980f7653cdf52938ae0eb203a0c 16596 libgcrypt11_1.5.0-3ubuntu3.debian.tar.gz
Checksums-Sha256: 
 df2910d8aca41aa8779bbb530e0f8cd60b1c9b7806f996697587835060c7c71c 2570 libgcrypt11_1.5.0-3ubuntu3.dsc
 5ba9e17f76f3bda31cc6b6476cc615643aad8835bc5899414f6c19181ab159b1 16596 libgcrypt11_1.5.0-3ubuntu3.debian.tar.gz
Files: 
 fc24a1519f1226581cba75b8d5cfe5d2 2570 libs optional libgcrypt11_1.5.0-3ubuntu3.dsc
 04b6af85848ba56d10c7cac1fa8921eb 16596 libs optional libgcrypt11_1.5.0-3ubuntu3.debian.tar.gz
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJSCkz5AAoJEGVp2FWnRL6T1IcQAKyJi8NrQvFn/EB4SO3pmhFC
yj5tfvh9q85B8o30/6Vp+m8lV49jju9EvecvP+nOgYVQYoA4DbHvx34+tnhWJVmq
N+P2DaO75yaHWulfDC/yjjWCULe0oiOLbMwDVzqTokkziCGZrdz+8qCdmSnrvU+U
P/u7lU+4bBuQxiIJFTtIw1iy4NPDuOD2R9vnm/zFE/lu7OjmTmsLL84h/WtdYEyH
H1Vw1jmbbwboiVRNtsmz95mDlIavHx3DUd2Y8gzxa1ryKcmgTZNOudaBogoqbVpc
EI0zQoj4KLHw/h8iI2sxWktv9pXl9Z1eiAbCHc18Numnwnu6mdbbi4FXyEnDg/Br
P7boCvV7Ir0xh6CriAd9ylJlsw65rNsPAxslW2qiqVE9d4VFqIzsg/damMMf8I0H
1yRS29ht2pkyaWclCJSAmP2ubXH/zte2JVYTO3tV+pb1v8o6iXcpPFZZtifHoCcp
O5gSlPT+RIYw7TLMkXvP5cA6nf1lAMUxcRIk8PJDetCKvYed4x9ZwfyVJlMnuwqb
+4zwtyJ+SSbwUKLlqYFwTtnuGOFr8XAPArRc75FCcEMbWtYsXIMyzh63d+7Y3ed3
qiLRfKf+MTUPcyOl8GhGWAoADN/egWJ7kjldDA5aWFNk5FCd3oUppyYkyS7oAru2
YCccc7WrOGMo4s2Ym2vy
=/Yzq
-----END PGP SIGNATURE-----


More information about the Saucy-changes mailing list