Format: 1.8 Date: Fri, 27 Mar 2015 08:16:53 -0400 Source: gnupg2 Binary: gnupg-agent scdaemon gpgsm gnupg2 gpgv2 Architecture: armhf armhf_translations Version: 2.0.24-1ubuntu2.2 Distribution: utopic Urgency: medium Maintainer: Ubuntu/armhf Build Daemon Changed-By: Marc Deslauriers Description: gnupg-agent - GNU privacy guard - password agent gnupg2 - GNU privacy guard - a free PGP replacement (new v2.x) gpgsm - GNU privacy guard - S/MIME version gpgv2 - GNU privacy guard - signature verification tool (new v2.x) scdaemon - GNU privacy guard - smart card support Launchpad-Bugs-Fixed: 1371766 1421640 Changes: gnupg2 (2.0.24-1ubuntu2.2) utopic-security; urgency=medium . * Fix screening responses from keyservers (LP: #1421640) - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch - d/p/0003-Add-kbnode_t-for-easier-backporting.patch - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766) - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch - debian/rules: build with --enable-large-secmem * SECURITY UPDATE: invalid memory read via invalid keyring - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in a keyring in g10/keyring.c. - CVE-2015-1606 * SECURITY UPDATE: memcpy with overlapping ranges - debian/patches/CVE-2015-1607.patch: use inline functions to convert buffer data to scalars in common/iobuf.c, g10/build-packet.c, g10/getkey.c, g10/keyid.c, g10/main.h, g10/misc.c, g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h, kbx/keybox-dump.c, kbx/keybox-openpgp.c, kbx/keybox-search.c, kbx/keybox-update.c, scd/apdu.c, scd/app-openpgp.c, scd/ccid-driver.c, scd/pcsc-wrapper.c, tools/ccidmon.c. - CVE-2015-1607 Checksums-Sha1: c47ed4ef25f299fcede32f83880c88afe932e382 196158 gnupg-agent_2.0.24-1ubuntu2.2_armhf.deb f7db3b27e870c09c9a31f84d6ca8118734065495 143856 scdaemon_2.0.24-1ubuntu2.2_armhf.deb 613441ff1e7e0239b6d145a4e93f10334edb5fc9 169654 gpgsm_2.0.24-1ubuntu2.2_armhf.deb 478bdc9f07ac61a2750ad20b3d4ddac4a850a067 634682 gnupg2_2.0.24-1ubuntu2.2_armhf.deb dc5305748b1de205a8750da88cf5e5901990437d 134258 gpgv2_2.0.24-1ubuntu2.2_armhf.deb 301257c4f3b1ea0427aea985653c0d8971499aaa 3072009 gnupg2_2.0.24-1ubuntu2.2_armhf_translations.tar.gz Checksums-Sha256: 37765c5481796f7d1f602d709253d36c68533a577ddcf23695e6866bb65c75cf 196158 gnupg-agent_2.0.24-1ubuntu2.2_armhf.deb b257dbaa228a84b45d609e8baa628209db61181b4f0b40bcec6f7a714d06b2c2 143856 scdaemon_2.0.24-1ubuntu2.2_armhf.deb 25bce35ea7aeafb4be2c18e7687c5f743a3f0e165caa2b2b8745ab72dfda44a6 169654 gpgsm_2.0.24-1ubuntu2.2_armhf.deb 089ac3fcc23deed6438d4ae325c4227eafdc365185a597cdffc40130fb2ceb45 634682 gnupg2_2.0.24-1ubuntu2.2_armhf.deb dfc325ad2b88d149aac7e45ffd36eb41cd4d708a78738726396621dfc07ef8cb 134258 gpgv2_2.0.24-1ubuntu2.2_armhf.deb 1ddc08d9cbf065160c3e5d617d6bded5a60105572fa1223f3662c5c7675d0ccb 3072009 gnupg2_2.0.24-1ubuntu2.2_armhf_translations.tar.gz Files: 6176a8a8c48b527b02e812d648e8d4f7 196158 utils optional gnupg-agent_2.0.24-1ubuntu2.2_armhf.deb f0cdec664dbb534f9822c7b9c1195393 143856 utils optional scdaemon_2.0.24-1ubuntu2.2_armhf.deb 5424715a8f4e1679b6aba1897d2cd724 169654 utils optional gpgsm_2.0.24-1ubuntu2.2_armhf.deb 2774872874cb5b59271750855f31498d 634682 utils optional gnupg2_2.0.24-1ubuntu2.2_armhf.deb fd7c543e12cc760d9721c54864fd47ee 134258 utils optional gpgv2_2.0.24-1ubuntu2.2_armhf.deb ab8e3c9a2ef2d33064f3518f0a35c9a6 3072009 raw-translations - gnupg2_2.0.24-1ubuntu2.2_armhf_translations.tar.gz Original-Maintainer: Eric Dorland