gnupg 1.4.11-3ubuntu2.12 source package in Ubuntu
Changelog
gnupg (1.4.11-3ubuntu2.12) precise-security; urgency=medium
* SECURITY UPDATE: full RSA key recovery via side-channel attack
- debian/patches/CVE-2017-7526-part1.dpatch: simplify loop in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-part2.dpatch: use same computation for square
and multiply in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-part3.dpatch: fix allocation size for mpi_pow
- debian/patches/CVE-2017-7526-part4.dpatch: add exponent blinding in
cipher/rsa.c.
- debian/patches/CVE-2017-7526-part5.dpatch: allow different build directory
- debian/patches/CVE-2017-7526-part6.dpatch: Reduce secmem pressure in
cipher/rsa.c.
- CVE-2017-7526
-- <email address hidden> (Leonidas S. Barbosa) Wed, 15 Aug 2018 11:30:05 -0300
Upload details
- Uploaded by:
- Leonidas S. Barbosa
- Uploaded to:
- Precise
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Precise | updates | main | utils | |
| Precise | security | main | utils |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| gnupg_1.4.11.orig.tar.gz | 4.5 MiB | 55d457b55029c60eec571c2e739f3c0e639d411863b58a12178cdc63834036d7 |
| gnupg_1.4.11-3ubuntu2.12.diff.gz | 64.2 KiB | 393ce6c0747634208a9f0d4fb802a24068f733fba62badf54c278148a706216e |
| gnupg_1.4.11-3ubuntu2.12.dsc | 2.3 KiB | 6c5f5f6dd942fea63cf5a69b9787055e67a3b5b9e876a083a9511d11a13e0a5b |
Available diffs
Binary packages built by this source
- gnupg: GNU privacy guard - a free PGP replacement
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
GnuPG 1.4 is the standalone, non-modularized series. In contrast to
the version 2 series, shipped with the gnupg2 package, it comes
with no support for S/MIME and some other tools useful for desktop
environments, but also with less dependencies.
.
The gnupg package is built without libcurl. So it does not support
HKPS keyservers. Install the gnupg-curl package if you want to use
the keyserver helper tools built with libcurl and supporting HKPS.
.
GnuPG does not use any patented algorithms. This means it cannot be
compatible with PGP2, because that uses IDEA (which is patented in
a number of countries).
- gnupg-curl: GNU privacy guard - a free PGP replacement (cURL)
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
This package contains the keyserver helper tools built with libcurl,
which replace the ones in the gnupg package built with the "curl shim"
variant of gnupg. This package provides support for HKPS keyservers.
.
GnuPG does not use any patented algorithms. This means it cannot be
compatible with PGP2, because that uses IDEA (which is patented in
a number of countries).
- gnupg-curl-dbgsym: debug symbols for package gnupg-curl
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
This package contains the keyserver helper tools built with libcurl,
which replace the ones in the gnupg package built with the "curl shim"
variant of gnupg. This package provides support for HKPS keyservers.
.
GnuPG does not use any patented algorithms. This means it cannot be
compatible with PGP2, because that uses IDEA (which is patented in
a number of countries).
- gnupg-dbgsym: debug symbols for package gnupg
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
GnuPG 1.4 is the standalone, non-modularized series. In contrast to
the version 2 series, shipped with the gnupg2 package, it comes
with no support for S/MIME and some other tools useful for desktop
environments, but also with less dependencies.
.
The gnupg package is built without libcurl. So it does not support
HKPS keyservers. Install the gnupg-curl package if you want to use
the keyserver helper tools built with libcurl and supporting HKPS.
.
GnuPG does not use any patented algorithms. This means it cannot be
compatible with PGP2, because that uses IDEA (which is patented in
a number of countries).
- gnupg-udeb: GNU privacy guard - a free PGP replacement
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
This is GnuPG packaged in minimal form for use in debian-installer.
- gnupg-udeb-dbgsym: debug symbols for package gnupg-udeb
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
This is GnuPG packaged in minimal form for use in debian-installer.
- gpgv: GNU privacy guard - signature verification tool
GnuPG is GNU's tool for secure communication and data storage.
.
gpgv is a stripped-down version of gnupg which is only able to check
signatures. It is smaller than the full-blown gnupg and uses a
different (and simpler) way to check that the public keys used to
make the signature are trustworthy.
- gpgv-dbgsym: debug symbols for package gpgv
GnuPG is GNU's tool for secure communication and data storage.
.
gpgv is a stripped-down version of gnupg which is only able to check
signatures. It is smaller than the full-blown gnupg and uses a
different (and simpler) way to check that the public keys used to
make the signature are trustworthy.
- gpgv-udeb: minimal signature verification tool
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
This is GnuPG's signature verification tool, gpgv, packaged in minimal
form for use in debian-installer.
- gpgv-udeb-dbgsym: debug symbols for package gpgv-udeb
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
This is GnuPG's signature verification tool, gpgv, packaged in minimal
form for use in debian-installer.
