[ubuntu/trusty-proposed] gnupg 1.4.15-2ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Dec 20 14:35:16 UTC 2013 

gnupg (1.4.15-2ubuntu1) trusty; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Disable mlock() test since it fails with ulimit 0 (on buildds).
    - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
    - Only suggest gnupg-curl and libldap; recommendations are pulled into
      minimal, and we don't need the keyserver utilities in a minimal Ubuntu
      system.
    - Remove the Win32 build.
    - Build using dh-autoreconf
    - Disable inline assembler for ppc64el.
  * Moved CVE-2013-4576 patch to the right directory, and added to series
    file so it actually gets applied.

gnupg (1.4.15-2) unstable; urgency=high

  * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
    See <http://www.cs.tau.ac.il/~tromer/acoustic/>. [CVE-2013-4576]
  * Add two Gemalto card readers to udev rules (closes: #730872),
    thanks Yves-Alexis Perez.
  * Checked for policy 3.9.5, no changes.

Date: Fri, 20 Dec 2013 08:17:09 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/gnupg/1.4.15-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Dec 2013 08:17:09 -0500
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb
Architecture: source
Version: 1.4.15-2ubuntu1
Distribution: trusty
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
Closes: 730872
Changes: 
 gnupg (1.4.15-2ubuntu1) trusty; urgency=low
 .
   * Resynchronise with Debian.  Remaining changes:
     - Disable mlock() test since it fails with ulimit 0 (on buildds).
     - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
     - Only suggest gnupg-curl and libldap; recommendations are pulled into
       minimal, and we don't need the keyserver utilities in a minimal Ubuntu
       system.
     - Remove the Win32 build.
     - Build using dh-autoreconf
     - Disable inline assembler for ppc64el.
   * Moved CVE-2013-4576 patch to the right directory, and added to series
     file so it actually gets applied.
 .
 gnupg (1.4.15-2) unstable; urgency=high
 .
   * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic
     Cryptanalysis attack as described by Genkin, Shamir, and Tromer.
     See <http://www.cs.tau.ac.il/~tromer/acoustic/>. [CVE-2013-4576]
   * Add two Gemalto card readers to udev rules (closes: #730872),
     thanks Yves-Alexis Perez.
   * Checked for policy 3.9.5, no changes.
Checksums-Sha1: 
 f551ba2263f6a7241c844225699271729eeec0e9 2363 gnupg_1.4.15-2ubuntu1.dsc
 2881c8174c15bb86ecf2e879cb7ca22c91fbcf93 5066798 gnupg_1.4.15.orig.tar.gz
 2655848192786bdd793d4c9d759d59ffc757cb1b 36229 gnupg_1.4.15-2ubuntu1.debian.tar.gz
Checksums-Sha256: 
 cae06a2bf99b1ce0ddb17c90a2439f6eae47b49afa2ced206b21de5c3aaf86b7 2363 gnupg_1.4.15-2ubuntu1.dsc
 0b91e293e8566e5b841f280329b1e6fd773f7d3826844c69bec676124e0a0bb3 5066798 gnupg_1.4.15.orig.tar.gz
 fc5875ce13bc8824b0b0b92e10f23bdee282aa665e3d0596521293ce677050dd 36229 gnupg_1.4.15-2ubuntu1.debian.tar.gz
Files: 
 af4302be3e4257f2b9d025f335bda2dc 2363 utils important gnupg_1.4.15-2ubuntu1.dsc
 c04ba3eb68766c01ac26cabee1af1eac 5066798 utils important gnupg_1.4.15.orig.tar.gz
 ba5b801914e101b4a02d9a00fd2e2e0a 36229 utils important gnupg_1.4.15-2ubuntu1.debian.tar.gz
Original-Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJStFUYAAoJEGVp2FWnRL6TdAUP/0AfyWqlRBtpk5K35b4rdEvw
3/qGsM0lHOVMJ4CXu89Ff01KpXUEOnoR2wf6ZLU9XYH0FXLrUv3nBFEZoomlJn/l
uz6i+4o6VMHitrcyCzDk5ND6rrQrzUUC4Dj86QD7Vfv/4Z36xgdhDCu8nSGhcNeV
sHs585H8EtHCMfF6Urrysc1mhvd4SHZkxe24eqFs01mB1EqaEmHuCE0QrdQRiKe8
CIzGCAMtoPnaDHGF/3w8mTuSQrA0J0Fz5XARa4S3xdo79r2ePFCEC4O+PL1SoaaC
M94X6OfyLvMGG4b1/+uJlysQrY02J6Cw85dQLrcORXFCxgxxspiXzdNBBWJCTOfK
6Unf3abpueDl2rnbS9nDHYBaDFXhWNC1/37Ihao5q5V/SVNU7L0AgRgJNNftkpCo
YaBLSaZ7vMz1Eg0k9Ta+g9F4q5JZVN/nw8q5Lt/7iVZPh/Js6BgJE3bGrFHvXagm
hJ3YxPZ4nZ1MW/SjRIivyhSzGUuD54OT0DD5CFZTY4OxDOtjMR+gl3W9LiQ99hHN
1EdaV/tdczSJzFgYCviduMsiNvWiRk8UHfJUeit0Itw1wXcA8XVj6kXo++5yLy2j
BTjHfp9PoNffq0wSh6Gf8dOsrwzYb0rkiCdcIToOn4KWu1NbPI+EezqyO8p3wlCc
/eouB1AWZzTcU5dvNBZK
=c2+D
-----END PGP SIGNATURE-----

More information about the Trusty-changes mailing list