Format: 1.8 Date: Fri, 27 Mar 2015 08:22:48 -0400 Source: gnupg Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb Architecture: powerpc powerpc_translations Version: 1.4.16-1ubuntu2.3 Distribution: trusty Urgency: medium Maintainer: Ubuntu/powerpc Build Daemon Changed-By: Marc Deslauriers Description: gnupg - GNU privacy guard - a free PGP replacement gnupg-curl - GNU privacy guard - a free PGP replacement (cURL) gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb) gpgv - GNU privacy guard - signature verification tool gpgv-udeb - minimal signature verification tool (udeb) Launchpad-Bugs-Fixed: 1371766 1409117 Changes: gnupg (1.4.16-1ubuntu2.3) trusty-security; urgency=medium . * Screen responses from keyservers (LP: #1409117) - d/p/0001-Screen-keyserver-responses.patch - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch - d/p/0003-Add-kbnode_t-for-easier-backporting.patch - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766) - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch - debian/rules: build with --enable-large-secmem * SECURITY UPDATE: sidechannel attack on Elgamal - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in cipher/elgamal.c. - CVE-2014-3591 * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm - debian/patches/CVE-2015-0837.patch: avoid timing variations in include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c. - CVE-2015-0837 * SECURITY UPDATE: invalid memory read via invalid keyring - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in a keyring in g10/keyring.c. - CVE-2015-1606 * SECURITY UPDATE: memcpy with overlapping ranges - debian/patches/CVE-2015-1607.patch: use inline functions to convert buffer data to scalars in g10/apdu.c, g10/app-openpgp.c, g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h. - CVE-2015-1607 Checksums-Sha1: 1a518338e43cb375017221cff4c6014e13446b43 561656 gnupg_1.4.16-1ubuntu2.3_powerpc.deb e0b33c3d2c1e2c57d509463cee967d21c80da4db 15706 gnupg-curl_1.4.16-1ubuntu2.3_powerpc.deb 071e18135255ced602f87b2fa748a5dc22188c1e 141878 gpgv_1.4.16-1ubuntu2.3_powerpc.deb be4e35d0a7d35889076d718a22b577cab706318a 316402 gnupg-udeb_1.4.16-1ubuntu2.3_powerpc.udeb 4ae99cf3e2b252c3f1b2f8a46f22fa6c50984126 114242 gpgv-udeb_1.4.16-1ubuntu2.3_powerpc.udeb 6f4a65c05feac50a3afe943dab741e52c6036af3 2619296 gnupg_1.4.16-1ubuntu2.3_powerpc_translations.tar.gz Checksums-Sha256: 39723bc37cbd31641288aa9e0a977e03eac643fa2856833a602c042241ecc8a0 561656 gnupg_1.4.16-1ubuntu2.3_powerpc.deb f553519d6309d04f21fe553c071410dd3df4e64de9490785d6682ee0f4f5edf7 15706 gnupg-curl_1.4.16-1ubuntu2.3_powerpc.deb 660dc31b15c0379618ec62510a5b486b0f051a800daefe4dbe169eb32d85cc5d 141878 gpgv_1.4.16-1ubuntu2.3_powerpc.deb 8baa4bda9378638a34ac7466ec3fec152dccde617469950138534b5ee0b6edfa 316402 gnupg-udeb_1.4.16-1ubuntu2.3_powerpc.udeb 0360df671c068d9128b200afb3f82b0037ac41a59c2024e29b4c2f6c116ca8cc 114242 gpgv-udeb_1.4.16-1ubuntu2.3_powerpc.udeb f1a36407a8d773af5d64adfccf8f3f7c482dd6804cfffcd3e500481577d58e55 2619296 gnupg_1.4.16-1ubuntu2.3_powerpc_translations.tar.gz Files: e57299acada564ca3fdf091c49ff947e 561656 utils important gnupg_1.4.16-1ubuntu2.3_powerpc.deb 30da6df9d9ed51692b718bb04f4bea93 15706 utils optional gnupg-curl_1.4.16-1ubuntu2.3_powerpc.deb 1ac5da99938baa022329e1e0952bbed3 141878 utils important gpgv_1.4.16-1ubuntu2.3_powerpc.deb cac153422d98aaef619afce2adad6b69 316402 debian-installer extra gnupg-udeb_1.4.16-1ubuntu2.3_powerpc.udeb 26d21930754967fd581cb927e58db9f5 114242 debian-installer extra gpgv-udeb_1.4.16-1ubuntu2.3_powerpc.udeb 6a0db0f06f8ad75e929dca69ccf9f695 2619296 raw-translations - gnupg_1.4.16-1ubuntu2.3_powerpc_translations.tar.gz Original-Maintainer: Debian GnuPG-Maintainers