Change log for gnupg package in Ubuntu
| 1 → 75 of 121 results | First • Previous • Next • Last |
gnupg (1.4.11-3ubuntu2.12) precise-security; urgency=medium
* SECURITY UPDATE: full RSA key recovery via side-channel attack
- debian/patches/CVE-2017-7526-part1.dpatch: simplify loop in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-part2.dpatch: use same computation for square
and multiply in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-part3.dpatch: fix allocation size for mpi_pow
- debian/patches/CVE-2017-7526-part4.dpatch: add exponent blinding in
cipher/rsa.c.
- debian/patches/CVE-2017-7526-part5.dpatch: allow different build directory
- debian/patches/CVE-2017-7526-part6.dpatch: Reduce secmem pressure in
cipher/rsa.c.
- CVE-2017-7526
-- <email address hidden> (Leonidas S. Barbosa) Wed, 15 Aug 2018 11:30:05 -0300
Available diffs
gnupg (1.4.16-1ubuntu2.6) trusty-security; urgency=medium
* SECURITY UPDATE: full RSA key recovery via side-channel attack
- debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-2.patch: use same computation for square
and multiply in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-3.patch: fix allocation size for mpi_pow
- debian/patches/CVE-2017-7526-4.patch: add exponent blinding in
cipher/rsa.c.
- debian/patches/CVE-2017-7526-5.patch: allow different build directory
- CVE-2017-7526
-- Alex Murray <email address hidden> Mon, 06 Aug 2018 10:40:15 +0930
Available diffs
gnupg (1.4.20-1ubuntu3.3) xenial-security; urgency=medium
* SECURITY UPDATE: full RSA key recovery via side-channel attack
- debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-2.patch: use same computation for square
and multiply in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-3.patch: fix allocation size for mpi_pow
- debian/patches/CVE-2017-7526-4.patch: add exponent blinding in
cipher/rsa.c.
- debian/patches/CVE-2017-7526-5.patch: allow different build directory
- CVE-2017-7526
-- Alex Murray <email address hidden> Mon, 06 Aug 2018 09:59:18 +0930
Available diffs
gnupg (1.4.16-1ubuntu2.5) trusty-security; urgency=medium
* SECURITY UPDATE: missing sanitization of verbose output
- debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
the original file name.
- CVE-2018-12020
-- Steve Beattie <email address hidden> Fri, 08 Jun 2018 22:31:18 -0700
Available diffs
gnupg (1.4.20-1ubuntu3.2) xenial-security; urgency=medium
* SECURITY UPDATE: missing sanitization of verbose output
- debian/patches/CVE-2018-12020.patch: Sanitize diagnostic with
the original file name.
- CVE-2018-12020
-- Steve Beattie <email address hidden> Fri, 08 Jun 2018 15:53:57 -0700
Available diffs
| Deleted in yakkety-release (Reason: superseded by gnupg2) |
| Deleted in yakkety-proposed (Reason: moved to release) |
gnupg (1.4.20-6ubuntu1) yakkety; urgency=medium
* Merge with Debian. Remaining Ubuntu changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Disable inline assembler for ppc64el.
- Enable SHA-512 support in gpgv-udeb.
- debian/patches/lp1541925.patch: Make sure directory exists before
creating the lock.
* SECURITY UPDATE: random number generator prediction
- debian/patches/CVE-2016-6313-1.patch: improve readability by using a
macro in cipher/random.c.
- debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
csprng pool in cipher/random.c.
- CVE-2016-6313
Available diffs
gnupg (1.4.11-3ubuntu2.10) precise-security; urgency=medium
* SECURITY UPDATE: random number generator prediction
- debian/patches/CVE-2016-6313.dpatch: improve readability by using a
macro and hash continuous areas in the csprng pool in
cipher/random.c.
- CVE-2016-6313
-- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:37:00 -0400
Available diffs
gnupg (1.4.16-1ubuntu2.4) trusty-security; urgency=medium
* SECURITY UPDATE: random number generator prediction
- debian/patches/CVE-2016-6313-1.patch: improve readability by using a
macro in cipher/random.c.
- debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
csprng pool in cipher/random.c.
- CVE-2016-6313
-- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:35:58 -0400
Available diffs
gnupg (1.4.20-1ubuntu3.1) xenial-security; urgency=medium
* SECURITY UPDATE: random number generator prediction
- debian/patches/CVE-2016-6313-1.patch: improve readability by using a
macro in cipher/random.c.
- debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
csprng pool in cipher/random.c.
- CVE-2016-6313
-- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:35:22 -0400
Available diffs
| Superseded in yakkety-proposed |
gnupg (1.4.20-1ubuntu4) yakkety; urgency=medium
* SECURITY UPDATE: random number generator prediction
- debian/patches/CVE-2016-6313-1.patch: improve readability by using a
macro in cipher/random.c.
- debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
csprng pool in cipher/random.c.
- CVE-2016-6313
-- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:32:13 -0400
Available diffs
| Superseded in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
gnupg (1.4.20-1ubuntu3) xenial; urgency=medium * debian/patches/lp1541925.patch: switch to final upstream commit. -- Marc Deslauriers <email address hidden> Fri, 12 Feb 2016 07:19:26 -0500
Available diffs
gnupg (1.4.20-1ubuntu2) xenial; urgency=medium
* debian/patches/lp1541925.patch: Make sure directory exists before
creating the lock. (LP: #1541925)
-- Marc Deslauriers <email address hidden> Tue, 09 Feb 2016 14:39:34 -0500
Available diffs
gnupg (1.4.20-1ubuntu1) xenial; urgency=medium
* Merge with Debian. Remaining Ubuntu changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf.
- Disable inline assembler for ppc64el.
- Enable SHA-512 support in gpgv-udeb.
Available diffs
- diff from 1.4.19-6ubuntu1 to 1.4.20-1ubuntu1 (403.0 KiB)
gnupg (1.4.19-6ubuntu1) xenial; urgency=medium
* Merge with Debian. Remaining Ubuntu changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf.
- Disable inline assembler for ppc64el.
- Enable SHA-512 support in gpgv-udeb.
Available diffs
gnupg (1.4.16-1.2ubuntu1.2) utopic-security; urgency=medium * Screen responses from keyservers (LP: #1409117) - d/p/0001-Screen-keyserver-responses.patch - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch - d/p/0003-Add-kbnode_t-for-easier-backporting.patch - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766) - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch - debian/rules: build with --enable-large-secmem * SECURITY UPDATE: sidechannel attack on Elgamal - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in cipher/elgamal.c. - CVE-2014-3591 * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm - debian/patches/CVE-2015-0837.patch: avoid timing variations in include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c. - CVE-2015-0837 * SECURITY UPDATE: invalid memory read via invalid keyring - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in a keyring in g10/keyring.c. - CVE-2015-1606 * SECURITY UPDATE: memcpy with overlapping ranges - debian/patches/CVE-2015-1607.patch: use inline functions to convert buffer data to scalars in g10/apdu.c, g10/app-openpgp.c, g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h. - CVE-2015-1607 -- Marc Deslauriers <email address hidden> Fri, 27 Mar 2015 08:21:50 -0400
Available diffs
gnupg (1.4.11-3ubuntu2.9) precise-security; urgency=medium * Screen responses from keyservers (LP: #1409117) - d/p/0001-Screen-keyserver-responses.dpatch - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.dpatch - d/p/0003-Add-kbnode_t-for-easier-backporting.dpatch - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.dpatch * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766) - d/p/Add-build-and-runtime-support-for-larger-RSA-key.dpatch - debian/rules: build with --enable-large-secmem * SECURITY UPDATE: sidechannel attack on Elgamal - debian/patches/CVE-2014-3591.dpatch: use ciphertext blinding in cipher/elgamal.c. - CVE-2014-3591 * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm - debian/patches/CVE-2015-0837.dpatch: avoid timing variations in include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c. - CVE-2015-0837 * SECURITY UPDATE: invalid memory read via invalid keyring - debian/patches/CVE-2015-1606.dpatch: skip all packets not allowed in a keyring in g10/keyring.c. - CVE-2015-1606 * SECURITY UPDATE: memcpy with overlapping ranges - debian/patches/CVE-2015-1607.dpatch: use inline functions to convert buffer data to scalars in g10/apdu.c, g10/app-openpgp.c, g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h. - CVE-2015-1607 -- Marc Deslauriers <email address hidden> Fri, 27 Mar 2015 08:24:00 -0400
Available diffs
gnupg (1.4.16-1ubuntu2.3) trusty-security; urgency=medium * Screen responses from keyservers (LP: #1409117) - d/p/0001-Screen-keyserver-responses.patch - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch - d/p/0003-Add-kbnode_t-for-easier-backporting.patch - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766) - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch - debian/rules: build with --enable-large-secmem * SECURITY UPDATE: sidechannel attack on Elgamal - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in cipher/elgamal.c. - CVE-2014-3591 * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm - debian/patches/CVE-2015-0837.patch: avoid timing variations in include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c. - CVE-2015-0837 * SECURITY UPDATE: invalid memory read via invalid keyring - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in a keyring in g10/keyring.c. - CVE-2015-1606 * SECURITY UPDATE: memcpy with overlapping ranges - debian/patches/CVE-2015-1607.patch: use inline functions to convert buffer data to scalars in g10/apdu.c, g10/app-openpgp.c, g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h. - CVE-2015-1607 -- Marc Deslauriers <email address hidden> Fri, 27 Mar 2015 08:22:48 -0400
Available diffs
gnupg (1.4.10-2ubuntu1.8) lucid-security; urgency=medium
* SECURITY UPDATE: sidechannel attack on Elgamal
- debian/patches/CVE-2014-3591.dpatch: use ciphertext blinding in
cipher/elgamal.c.
- CVE-2014-3591
* SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
- debian/patches/CVE-2015-0837.dpatch: avoid timing variations in
include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c.
- CVE-2015-0837
* SECURITY UPDATE: invalid memory read via invalid keyring
- debian/patches/CVE-2015-1606.dpatch: skip all packets not allowed in
a keyring in g10/keyring.c.
- CVE-2015-1606
* SECURITY UPDATE: memcpy with overlapping ranges
- debian/patches/CVE-2015-1607.dpatch: use inline functions to convert
buffer data to scalars in g10/apdu.c, g10/app-openpgp.c,
g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c,
g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c,
g10/trustdb.c, include/host2net.h.
- CVE-2015-1607
-- Marc Deslauriers <email address hidden> Wed, 25 Mar 2015 14:34:25 -0400
Available diffs
| Superseded in xenial-release |
| Obsolete in wily-release |
| Obsolete in vivid-release |
| Deleted in vivid-proposed (Reason: moved to release) |
gnupg (1.4.18-7ubuntu1) vivid; urgency=medium
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf.
- Disable inline assembler for ppc64el.
- Enable SHA-512 support in gpgv-udeb.
Available diffs
- diff from 1.4.18-6ubuntu1 to 1.4.18-7ubuntu1 (19.4 KiB)
gnupg (1.4.18-6ubuntu1) vivid; urgency=medium * Resynchronise with Debian (LP: #1371766). Remaining changes: - Disable mlock() test since it fails with ulimit 0 (on buildds). - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default. - Only suggest gnupg-curl and libldap; recommendations are pulled into minimal, and we don't need the keyserver utilities in a minimal Ubuntu system. - Remove the Win32 build. - Build using dh-autoreconf. - Disable inline assembler for ppc64el. - Enable SHA-512 support in gpgv-udeb.
Available diffs
- diff from 1.4.18-4ubuntu2 to 1.4.18-6ubuntu1 (393.6 KiB)
gnupg (1.4.18-4ubuntu2) vivid; urgency=medium
* Enable SHA-512 support in gpgv-udeb, since Ubuntu's Release.gpg is
signed using that digest algorithm (thanks, Nathan Rennie-Waldock;
LP: #1403982).
-- Colin Watson <email address hidden> Wed, 14 Jan 2015 11:23:40 +0000
Available diffs
- diff from 1.4.18-4ubuntu1 to 1.4.18-4ubuntu2 (649 bytes)
gnupg (1.4.18-4ubuntu1) vivid; urgency=medium
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf
- Disable inline assembler for ppc64el.
Available diffs
- diff from 1.4.16-1.2ubuntu1 to 1.4.18-4ubuntu1 (384.0 KiB)
gnupg (1.4.10-2ubuntu1.7) lucid-security; urgency=medium
* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
- debian/patches/CVE-2014-5270.dpatch: use sliding window method for
exponentiation algorithm in mpi/mpi-pow.c.
- CVE-2014-5270
-- Marc Deslauriers <email address hidden> Tue, 19 Aug 2014 09:44:38 -0400
Available diffs
gnupg (1.4.11-3ubuntu2.7) precise-security; urgency=medium
* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
- debian/patches/CVE-2014-5270.dpatch: use sliding window method for
exponentiation algorithm in mpi/mpi-pow.c.
- CVE-2014-5270
-- Marc Deslauriers <email address hidden> Tue, 19 Aug 2014 09:41:45 -0400
Available diffs
| Superseded in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
gnupg (1.4.16-1.2ubuntu1) utopic; urgency=medium
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf
- Disable inline assembler for ppc64el.
Available diffs
gnupg (1.4.11-3ubuntu2.6) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via uncompressing garbled packets
- debian/patches/CVE-2014-4617.dpatch: limit number of extra bytes in
g10/compress.c.
- CVE-2014-4617
-- Marc Deslauriers <email address hidden> Thu, 26 Jun 2014 08:30:14 -0400
Available diffs
gnupg (1.4.16-1ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via uncompressing garbled packets
- debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
g10/compress.c.
- CVE-2014-4617
-- Marc Deslauriers <email address hidden> Thu, 26 Jun 2014 08:26:05 -0400
Available diffs
gnupg (1.4.10-2ubuntu1.6) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via uncompressing garbled packets
- debian/patches/CVE-2014-4617.dpatch: limit number of extra bytes in
g10/compress.c.
- CVE-2014-4617
-- Marc Deslauriers <email address hidden> Thu, 26 Jun 2014 08:32:12 -0400
Available diffs
gnupg (1.4.14-1ubuntu2.2) saucy-security; urgency=medium
* SECURITY UPDATE: denial of service via uncompressing garbled packets
- debian/patches/CVE-2014-4617.patch: limit number of extra bytes in
g10/compress.c.
- CVE-2014-4617
-- Marc Deslauriers <email address hidden> Thu, 26 Jun 2014 08:28:58 -0400
Available diffs
| Superseded in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
gnupg (1.4.16-1ubuntu2) trusty; urgency=medium * Add patch init_trustdb.patch (Closes: #737128) -- Brian Murray <email address hidden> Thu, 06 Mar 2014 07:53:11 -0800
Available diffs
- diff from 1.4.16-1ubuntu1 to 1.4.16-1ubuntu2 (879 bytes)
gnupg (1.4.16-1ubuntu1) trusty; urgency=medium
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf
- Disable inline assembler for ppc64el.
Available diffs
- diff from 1.4.15-2ubuntu1 to 1.4.16-1ubuntu1 (329.6 KiB)
gnupg (1.4.15-2ubuntu1) trusty; urgency=low
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Build using dh-autoreconf
- Disable inline assembler for ppc64el.
* Moved CVE-2013-4576 patch to the right directory, and added to series
file so it actually gets applied.
Available diffs
gnupg (1.4.11-3ubuntu4.4) quantal-security; urgency=low
* SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
Cryptanalysis attack
- debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
MPIs used as input to secret key functions in cipher/dsa.c,
cipher/elgamal.c, cipher/rsa.c.
- CVE-2013-4576
-- Marc Deslauriers <email address hidden> Wed, 18 Dec 2013 11:15:37 -0500
Available diffs
gnupg (1.4.11-3ubuntu2.5) precise-security; urgency=low
* SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
Cryptanalysis attack
- debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
MPIs used as input to secret key functions in cipher/dsa.c,
cipher/elgamal.c, cipher/rsa.c.
- CVE-2013-4576
-- Marc Deslauriers <email address hidden> Wed, 18 Dec 2013 11:17:02 -0500
Available diffs
gnupg (1.4.12-7ubuntu1.3) raring-security; urgency=low
* SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
Cryptanalysis attack
- debian/patches/CVE-2013-4576.patch: Use blinding for the RSA secret
operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
MPIs used as input to secret key functions in cipher/dsa.c,
cipher/elgamal.c, cipher/rsa.c.
- CVE-2013-4576
-- Marc Deslauriers <email address hidden> Wed, 18 Dec 2013 11:14:22 -0500
Available diffs
gnupg (1.4.14-1ubuntu2.1) saucy-security; urgency=low
* SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
Cryptanalysis attack
- debian/patches/CVE-2013-4576.patch: Use blinding for the RSA secret
operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
MPIs used as input to secret key functions in cipher/dsa.c,
cipher/elgamal.c, cipher/rsa.c.
- CVE-2013-4576
-- Marc Deslauriers <email address hidden> Wed, 18 Dec 2013 11:08:33 -0500
Available diffs
gnupg (1.4.10-2ubuntu1.5) lucid-security; urgency=low
* SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
Cryptanalysis attack
- debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
MPIs used as input to secret key functions in cipher/dsa.c,
cipher/elgamal.c, cipher/rsa.c.
- CVE-2013-4576
-- Marc Deslauriers <email address hidden> Wed, 18 Dec 2013 11:18:09 -0500
Available diffs
gnupg (1.4.15-1.1ubuntu2) trusty; urgency=medium * Build using dh-autoreconf * Disable inline assembler for ppc64el. -- Matthias Klose <email address hidden> Sun, 15 Dec 2013 10:39:38 +0100
Available diffs
gnupg (1.4.15-1.1ubuntu1) trusty; urgency=low
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
* Dropped upstreamed patches:
- debian/patches/CVE-2013-4351.patch
- debian/patches/CVE-2013-4402.patch
Available diffs
- diff from 1.4.14-1ubuntu2 to 1.4.15-1.1ubuntu1 (501.5 KiB)
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
gnupg (1.4.14-1ubuntu2) saucy; urgency=low
* SECURITY UPDATE: incorrect no-usage-permitted flag handling
- debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
in g10/getkey.c, g10/keygen.c, include/cipher.h.
- CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2013-4402.patch: set limits on number of filters
and nested packets in util/iobuf.c, g10/mainproc.c.
- CVE-2013-4402
-- Marc Deslauriers <email address hidden> Tue, 08 Oct 2013 07:40:27 -0400
Available diffs
gnupg (1.4.11-3ubuntu2.4) precise-security; urgency=low
* SECURITY UPDATE: incorrect no-usage-permitted flag handling
- debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
in g10/getkey.c, g10/keygen.c, include/cipher.h.
- CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
and nested packets in util/iobuf.c, g10/mainproc.c.
- CVE-2013-4402
-- Marc Deslauriers <email address hidden> Tue, 08 Oct 2013 07:49:58 -0400
Available diffs
gnupg (1.4.10-2ubuntu1.4) lucid-security; urgency=low
* SECURITY UPDATE: incorrect no-usage-permitted flag handling
- debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
in g10/getkey.c, g10/keygen.c, include/cipher.h.
- CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
and nested packets in util/iobuf.c, g10/mainproc.c.
- CVE-2013-4402
-- Marc Deslauriers <email address hidden> Tue, 08 Oct 2013 07:51:47 -0400
Available diffs
gnupg (1.4.11-3ubuntu4.3) quantal-security; urgency=low
* SECURITY UPDATE: incorrect no-usage-permitted flag handling
- debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
in g10/getkey.c, g10/keygen.c, include/cipher.h.
- CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
and nested packets in util/iobuf.c, g10/mainproc.c.
- CVE-2013-4402
-- Marc Deslauriers <email address hidden> Tue, 08 Oct 2013 07:46:59 -0400
Available diffs
gnupg (1.4.12-7ubuntu1.2) raring-security; urgency=low
* SECURITY UPDATE: incorrect no-usage-permitted flag handling
- debian/patches/CVE-2013-4351.patch: correctly handle empty key flags
in g10/getkey.c, g10/keygen.c, include/cipher.h.
- CVE-2013-4351
* SECURITY UPDATE: denial of service via infinite recursion
- debian/patches/CVE-2013-4402.patch: set limits on number of filters
and nested packets in util/iobuf.c, g10/mainproc.c.
- CVE-2013-4402
-- Marc Deslauriers <email address hidden> Tue, 08 Oct 2013 07:43:41 -0400
Available diffs
gnupg (1.4.14-1ubuntu1) saucy; urgency=low
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
Available diffs
gnupg (1.4.12-7ubuntu1.1) raring-security; urgency=low
* SECURITY UPDATE: The path of execution in an exponentiation function may
depend upon secret key data, allowing a local attacker to determine the
contents of the secret key through a side-channel attack.
- debian/patches/CVE-2013-4242.diff: always perform the mpi_mul for
exponents in secure memory. Based on upstream patch.
- CVE-2013-4242
-- Seth Arnold <email address hidden> Tue, 30 Jul 2013 14:54:59 -0700
Available diffs
gnupg (1.4.11-3ubuntu4.2) quantal-security; urgency=low
* SECURITY UPDATE: The path of execution in an exponentiation function may
depend upon secret key data, allowing a local attacker to determine the
contents of the secret key through a side-channel attack.
- debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
exponents in secure memory. Based on upstream patch.
- CVE-2013-4242
-- Seth Arnold <email address hidden> Tue, 30 Jul 2013 15:22:19 -0700
Available diffs
gnupg (1.4.11-3ubuntu2.3) precise-security; urgency=low
* SECURITY UPDATE: The path of execution in an exponentiation function may
depend upon secret key data, allowing a local attacker to determine the
contents of the secret key through a side-channel attack.
- debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
exponents in secure memory. Based on upstream patch.
- CVE-2013-4242
-- Seth Arnold <email address hidden> Tue, 30 Jul 2013 15:51:17 -0700
Available diffs
gnupg (1.4.10-2ubuntu1.3) lucid-security; urgency=low
* SECURITY UPDATE: The path of execution in an exponentiation function may
depend upon secret key data, allowing a local attacker to determine the
contents of the secret key through a side-channel attack.
- debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
exponents in secure memory. Based on upstream patch.
- CVE-2013-4242
-- Seth Arnold <email address hidden> Tue, 30 Jul 2013 15:56:45 -0700
Available diffs
gnupg (1.4.10-2ubuntu1.2) lucid-security; urgency=low
* SECURITY UPDATE: keyring corruption via malformed key import
- debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
- CVE-2012-6085
-- Marc Deslauriers <email address hidden> Tue, 08 Jan 2013 10:55:50 -0500
Available diffs
gnupg (1.4.11-3ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: keyring corruption via malformed key import
- debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
- CVE-2012-6085
-- Marc Deslauriers <email address hidden> Tue, 08 Jan 2013 10:52:55 -0500
Available diffs
gnupg (1.4.6-2ubuntu5.2) hardy-security; urgency=low
* SECURITY UPDATE: keyring corruption via malformed key import
- debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
- CVE-2012-6085
-- Marc Deslauriers <email address hidden> Tue, 08 Jan 2013 10:57:13 -0500
Available diffs
gnupg (1.4.11-3ubuntu1.11.10.2) oneiric-security; urgency=low
* SECURITY UPDATE: keyring corruption via malformed key import
- debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
- CVE-2012-6085
-- Marc Deslauriers <email address hidden> Tue, 08 Jan 2013 10:54:13 -0500
gnupg (1.4.11-3ubuntu4.1) quantal-security; urgency=low
* SECURITY UPDATE: keyring corruption via malformed key import
- debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
- CVE-2012-6085
-- Marc Deslauriers <email address hidden> Tue, 08 Jan 2013 10:46:11 -0500
Available diffs
| Superseded in saucy-release |
| Obsolete in raring-release |
| Deleted in raring-proposed (Reason: moved to release) |
gnupg (1.4.12-7ubuntu1) raring; urgency=low
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Update config.guess/config.sub for aarch64.
Available diffs
gnupg (1.4.12-6ubuntu1) raring; urgency=low
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
- Remove the Win32 build.
- Update config.guess/config.sub for aarch64.
* Dropped patches:
- Fix udeb build failure on powerpc, building with -O2 instead of -Os.
(No longer seems to be necessary.)
* Simplify removal of Win32 build, to make this easier to merge in future.
Available diffs
gnupg (1.4.11-3ubuntu4) quantal; urgency=low * Update config.guess,sub for aarch64 -- Wookey <email address hidden> Mon, 01 Oct 2012 12:56:41 +0100
Available diffs
| Obsolete in natty-security |
| Obsolete in natty-updates |
| Deleted in natty-proposed (Reason: moved to -updates) |
gnupg (1.4.11-3ubuntu1.11.04.1) natty-security; urgency=low
* debian/patches/long-keyids.dpatch: Use the longest key ID available
when requesting a key from a key server.
-- Marc Deslauriers <email address hidden> Tue, 14 Aug 2012 08:37:40 -0400
Available diffs
| Superseded in oneiric-security |
| Superseded in oneiric-updates |
| Deleted in oneiric-proposed (Reason: moved to -updates) |
gnupg (1.4.11-3ubuntu1.11.10.1) oneiric-security; urgency=low
* debian/patches/long-keyids.dpatch: Use the longest key ID available
when requesting a key from a key server.
-- Marc Deslauriers <email address hidden> Tue, 14 Aug 2012 08:36:09 -0400
Available diffs
| Superseded in hardy-security |
| Superseded in hardy-updates |
| Deleted in hardy-proposed (Reason: moved to -updates) |
gnupg (1.4.6-2ubuntu5.1) hardy-security; urgency=low
* debian/patches/long-keyids.dpatch: Use the longest key ID available
when requesting a key from a key server.
-- Marc Deslauriers <email address hidden> Tue, 14 Aug 2012 08:43:58 -0400
Available diffs
| Superseded in lucid-security |
| Superseded in lucid-updates |
| Deleted in lucid-proposed (Reason: moved to -updates) |
gnupg (1.4.10-2ubuntu1.1) lucid-security; urgency=low
* debian/patches/long-keyids.dpatch: Use the longest key ID available
when requesting a key from a key server.
-- Marc Deslauriers <email address hidden> Tue, 14 Aug 2012 08:41:19 -0400
Available diffs
| Superseded in precise-security |
| Superseded in precise-updates |
| Deleted in precise-proposed (Reason: moved to -updates) |
gnupg (1.4.11-3ubuntu2.1) precise-security; urgency=low
* debian/patches/long-keyids.dpatch: Use the longest key ID available
when requesting a key from a key server.
-- Marc Deslauriers <email address hidden> Tue, 14 Aug 2012 08:34:24 -0400
Available diffs
gnupg (1.4.11-3ubuntu3) quantal-proposed; urgency=low
* debian/patches/long-keyids.dpatch: Use the longest key ID available
when requesting a key from a key server.
-- Marc Deslauriers <email address hidden> Tue, 24 Jul 2012 10:28:39 -0400
Available diffs
gnupg (1.4.11-3ubuntu2) precise; urgency=low * Mark gnupg, gnupg-curl, and gpgv Multi-Arch: foreign. -- Colin Watson <email address hidden> Mon, 21 Nov 2011 13:42:07 +0000
Available diffs
- diff from 1.4.11-3ubuntu1 to 1.4.11-3ubuntu2 (627 bytes)
gnupg (1.4.11-3ubuntu1) natty; urgency=low * Resynchronise with Debian (LP: #720905). Remaining changes: - Disable mlock() test since it fails with ulimit 0 (on buildds). - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default. - Fix udeb build failure on powerpc, building with -O2 instead of -Os. - Only suggest gnupg-curl and libldap; recommendations are pulled into minimal, and we don't need the keyserver utilities in a minimal Ubuntu system. * debian/{control,rules}: Remove the Win32 build (and mingw32 build-dependency), since mingw32 is in universe, and will remain so for the forseeable future.
Available diffs
- diff from 1.4.10-4ubuntu2 to 1.4.11-3ubuntu1 (945.9 KiB)
| Superseded in natty-release |
gnupg (1.4.10-4ubuntu2) natty; urgency=low * No-change rebuild to drop upstream changelog. -- Martin Pitt <email address hidden> Fri, 03 Dec 2010 08:31:25 +0100
Available diffs
- diff from 1.4.10-4ubuntu1 to 1.4.10-4ubuntu2 (305 bytes)
| Superseded in natty-release |
gnupg (1.4.10-4ubuntu1) natty; urgency=low
* Resynchronise with Debian. Remaining changes:
- Disable mlock() test since it fails with ulimit 0 (on buildds).
- Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
- Fix udeb build failure on powerpc, building with -O2 instead of -Os.
- Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
Available diffs
gnupg (1.4.10-2ubuntu2) maverick; urgency=low
* Only suggest gnupg-curl and libldap; recommendations are pulled into
minimal, and we don't need the keyserver utilities in a minimal Ubuntu
system.
-- Colin Watson <email address hidden> Mon, 14 Jun 2010 14:40:00 +0100
Available diffs
- diff from 1.4.10-2ubuntu1 to 1.4.10-2ubuntu2 (858 bytes)
gnupg (1.4.10-2ubuntu1) lucid; urgency=low * Merge from Debian testing (lp: #503064, #477818). Remaining changes: - Add 'debian/patches/50_disable_mlock_test.dpatch': Disable mlock() test since it fails with ulimit 0 (on buildds). - Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg (or gpg2) and gpgsm to use a passphrase agent by default (lp: 15485) - Fix udeb build failure on powerpc, building with -O2 instead of -Os. -- Michael Bienia <email address hidden> Mon, 04 Jan 2010 20:06:01 +0100
Available diffs
- diff from 1.4.9-4ubuntu7 to 1.4.10-2ubuntu1 (993.1 KiB)
gnupg (1.4.9-4ubuntu7) karmic; urgency=low * Fix udeb build failure on powerpc, building with -O2 instead of -Os. -- Matthias Klose <email address hidden> Sun, 27 Sep 2009 13:49:46 +0200
Available diffs
- diff from 1.4.9-4ubuntu6 to 1.4.9-4ubuntu7 (516 bytes)
| Superseded in karmic-release |
gnupg (1.4.9-4ubuntu6) karmic; urgency=low * Build-depend on libreadline-dev instead of libreadline5-dev. -- Matthias Klose <email address hidden> Sat, 19 Sep 2009 22:52:53 +0200
Available diffs
- diff from 1.4.9-4ubuntu5 to 1.4.9-4ubuntu6 (503 bytes)
| Superseded in karmic-release |
gnupg (1.4.9-4ubuntu5) karmic; urgency=low
* debian/gnupg.udev:
Add udev rules to set ACLs on SCM smartcard readers. They replace the hal
rules for the same purpose. (LP: #57755)
* debian/rules:
Call dh_installudev.
-- Michael Bienia <email address hidden> Fri, 03 Jul 2009 15:38:40 +0200
Available diffs
- diff from 1.4.9-4ubuntu4 to 1.4.9-4ubuntu5 (962 bytes)
| Superseded in karmic-release |
gnupg (1.4.9-4ubuntu4) karmic; urgency=low
* Undo the last change. A GnuPG bug with handling multiple keyservers
makes this break
-- Mackenzie Morgan <email address hidden> Sat, 20 Jun 2009 18:04:47 -0400
Available diffs
- diff from 1.4.9-4ubuntu3 to 1.4.9-4ubuntu4 (690 bytes)
| Superseded in karmic-release |
gnupg (1.4.9-4ubuntu3) karmic; urgency=low * deian/patches/100_ubuntu_default_keyserver.dpatch: (LP: #380093) - Add keyserver.ubuntu.com as a default keyserver in g10/options.skel -- Mackenzie Morgan <email address hidden> Mon, 25 May 2009 13:10:51 -0400
Available diffs
- diff from 1.4.9-4ubuntu2 to 1.4.9-4ubuntu3 (708 bytes)
| Superseded in karmic-release |
gnupg (1.4.9-4ubuntu2) karmic; urgency=low
* debian/rules: add --enable-noexecstack to configure to avoid needless
executable stacks on i386 (LP: #49323, debian bug 527630).
* debian/rules: fix "nocheck" logic to run tests (debian bug 521884).
-- Kees Cook <email address hidden> Fri, 08 May 2009 09:12:18 -0700
Available diffs
- diff from 1.4.9-4ubuntu1 to 1.4.9-4ubuntu2 (711 bytes)
| 1 → 75 of 121 results | First • Previous • Next • Last |
