Publishing details
Changelog
gnupg (1.4.10-2ubuntu1.8) lucid-security; urgency=medium
* SECURITY UPDATE: sidechannel attack on Elgamal
- debian/patches/CVE-2014-3591.dpatch: use ciphertext blinding in
cipher/elgamal.c.
- CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
- debian/patches/CVE-2015-0837.dpatch: avoid timing variations in
include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c.
- CVE-2015-0837
* SECURITY UPDATE: invalid memory read via invalid keyring
- debian/patches/CVE-2015-1606.dpatch: skip all packets not allowed in
a keyring in g10/keyring.c.
- CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
- debian/patches/CVE-2015-1607.dpatch: use inline functions to convert
buffer data to scalars in g10/apdu.c, g10/app-openpgp.c,
g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c,
g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c,
g10/trustdb.c, include/host2net.h.
- CVE-2015-1607
-- Marc Deslauriers <email address hidden> Wed, 25 Mar 2015 14:34:25 -0400
Builds
Package files