Format: 1.8 Date: Fri, 27 Mar 2015 08:21:50 -0400 Source: gnupg Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb Architecture: armhf armhf_translations Version: 1.4.16-1.2ubuntu1.2 Distribution: utopic Urgency: medium Maintainer: Ubuntu/armhf Build Daemon Changed-By: Marc Deslauriers Description: gnupg - GNU privacy guard - a free PGP replacement gnupg-curl - GNU privacy guard - a free PGP replacement (cURL) gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb) gpgv - GNU privacy guard - signature verification tool gpgv-udeb - minimal signature verification tool (udeb) Launchpad-Bugs-Fixed: 1371766 1409117 Changes: gnupg (1.4.16-1.2ubuntu1.2) utopic-security; urgency=medium . * Screen responses from keyservers (LP: #1409117) - d/p/0001-Screen-keyserver-responses.patch - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.patch - d/p/0003-Add-kbnode_t-for-easier-backporting.patch - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.patch * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766) - d/p/Add-build-and-runtime-support-for-larger-RSA-key.patch - debian/rules: build with --enable-large-secmem * SECURITY UPDATE: sidechannel attack on Elgamal - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in cipher/elgamal.c. - CVE-2014-3591 * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm - debian/patches/CVE-2015-0837.patch: avoid timing variations in include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c. - CVE-2015-0837 * SECURITY UPDATE: invalid memory read via invalid keyring - debian/patches/CVE-2015-1606.patch: skip all packets not allowed in a keyring in g10/keyring.c. - CVE-2015-1606 * SECURITY UPDATE: memcpy with overlapping ranges - debian/patches/CVE-2015-1607.patch: use inline functions to convert buffer data to scalars in g10/apdu.c, g10/app-openpgp.c, g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c, g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c, g10/trustdb.c, include/host2net.h. - CVE-2015-1607 Checksums-Sha1: e7337384238495ec57ff005c542c5ad57a049111 556614 gnupg_1.4.16-1.2ubuntu1.2_armhf.deb 594794896c7f13cca2f613c8940d9d13550c6939 15830 gnupg-curl_1.4.16-1.2ubuntu1.2_armhf.deb 1d8a8969bbe5fa25a53ccab6b007a5aad0e4338e 136016 gpgv_1.4.16-1.2ubuntu1.2_armhf.deb 167efa8614191170e2b35ef955bac9ad4749b0ce 314946 gnupg-udeb_1.4.16-1.2ubuntu1.2_armhf.udeb 8c36bad256e04ede64b3c9fa9ba83edcaea274f9 111266 gpgv-udeb_1.4.16-1.2ubuntu1.2_armhf.udeb 08cf46497fa135c8d3c0ec10d49affabe571797c 2619605 gnupg_1.4.16-1.2ubuntu1.2_armhf_translations.tar.gz Checksums-Sha256: 3095cffa5634acb12f4f8a33eb1f352067b2f826df9cbffda723069f9a99d656 556614 gnupg_1.4.16-1.2ubuntu1.2_armhf.deb 31e43e3e36d4124c92d2df2d9d4950e7f04df3c9aa33de3753d728c243d45272 15830 gnupg-curl_1.4.16-1.2ubuntu1.2_armhf.deb 2e5262e3b0326a539d41be40924794db95ff2a63ec02d9e68de71e2a73ae05ae 136016 gpgv_1.4.16-1.2ubuntu1.2_armhf.deb bf237c9e4495e84dc9480f996c605cf9dacb170594f33f4018fcb070f15dc703 314946 gnupg-udeb_1.4.16-1.2ubuntu1.2_armhf.udeb 2e6c24229bf3a827627b8b0ae8010c65b8a6ed15e09f41b8902cbeaf22aa30d5 111266 gpgv-udeb_1.4.16-1.2ubuntu1.2_armhf.udeb 3fcdb67e180ea592329c8d43a3107c27bb53f105cf1d600e7278dbcb6fb89cf5 2619605 gnupg_1.4.16-1.2ubuntu1.2_armhf_translations.tar.gz Files: a8cf019a12caacb7d4d76ae3ca062001 556614 utils important gnupg_1.4.16-1.2ubuntu1.2_armhf.deb a31d60de64eb2df59c4967c9ca1c6fc1 15830 utils optional gnupg-curl_1.4.16-1.2ubuntu1.2_armhf.deb d8f1dc86ac516095cf76a9ef7d08290e 136016 utils important gpgv_1.4.16-1.2ubuntu1.2_armhf.deb 5d13317fb346caaa3857305c742cd6a6 314946 debian-installer extra gnupg-udeb_1.4.16-1.2ubuntu1.2_armhf.udeb 8b94d7b7f6a3448b5cf760a097affc1d 111266 debian-installer extra gpgv-udeb_1.4.16-1.2ubuntu1.2_armhf.udeb 3484ec9d5005f1a1bf827063629bcb36 2619605 raw-translations - gnupg_1.4.16-1.2ubuntu1.2_armhf_translations.tar.gz Original-Maintainer: Debian GnuPG-Maintainers