gnupg 1.4.16-1ubuntu2.3 source package in Ubuntu
Changelog
gnupg (1.4.16-1ubuntu2.3) trusty-security; urgency=medium * Screen responses from keyservers (LP: #1409117) - d/p/0001-Screen-keyserver-responses.patch - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch - d/p/0003-Add-kbnode_t-for-easier-backporting.patch - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766) - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch - debian/rules: build with --enable-large-secmem * SECURITY UPDATE: sidechannel attack on Elgamal - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in cipher/elgamal.c. - CVE-2014-3591 * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm - debian/patches/CVE-2015-0837.patch: avoid timing variations in include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c. - CVE-2015-0837 * SECURITY UPDATE: invalid memory read via invalid keyring - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in a keyring in g10/keyring.c. - CVE-2015-1606 * SECURITY UPDATE: memcpy with overlapping ranges - debian/patches/CVE-2015-1607.patch: use inline functions to convert buffer data to scalars in g10/apdu.c, g10/app-openpgp.c, g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h. - CVE-2015-1607 -- Marc Deslauriers <email address hidden> Fri, 27 Mar 2015 08:22:48 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
gnupg_1.4.16.orig.tar.gz | 4.8 MiB | f3af2f9c34c305869ad38b4ee7ab9e1487f50884ee8d9d42cccb31e1ced5cdef |
gnupg_1.4.16-1ubuntu2.3.debian.tar.gz | 53.4 KiB | 2c5d2dcaecac2aeb9fd8f2977a4c5eae12a29810757bd444508596145e7aaa0e |
gnupg_1.4.16-1ubuntu2.3.dsc | 2.3 KiB | 680dd00fc17a0d5f2466e8f7182c54bd37d1fc2c3148fd1e0161d5c5ab8a0df5 |
Available diffs
Binary packages built by this source
- gnupg: GNU privacy guard - a free PGP replacement
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
GnuPG 1.4 is the standalone, non-modularized series. In contrast to
the version 2 series, shipped with the gnupg2 package, it comes
with no support for S/MIME and some other tools useful for desktop
environments, but also with less dependencies.
.
The gnupg package is built without libcurl. So it does not support
HKPS keyservers. Install the gnupg-curl package if you want to use
the keyserver helper tools built with libcurl and supporting HKPS.
- gnupg-curl: GNU privacy guard - a free PGP replacement (cURL)
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
This package contains the keyserver helper tools built with libcurl,
which replace the ones in the gnupg package built with the "curl shim"
variant of gnupg. This package provides support for HKPS keyservers.
- gnupg-udeb: GNU privacy guard - a free PGP replacement
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
This is GnuPG packaged in minimal form for use in debian-installer.
- gpgv: GNU privacy guard - signature verification tool
GnuPG is GNU's tool for secure communication and data storage.
.
gpgv is a stripped-down version of gnupg which is only able to check
signatures. It is smaller than the full-blown gnupg and uses a
different (and simpler) way to check that the public keys used to
make the signature are trustworthy.
- gpgv-udeb: minimal signature verification tool
GnuPG is GNU's tool for secure communication and data storage.
It can be used to encrypt data and to create digital signatures.
It includes an advanced key management facility and is compliant
with the proposed OpenPGP Internet standard as described in RFC 4880.
.
This is GnuPG's signature verification tool, gpgv, packaged in minimal
form for use in debian-installer.