Hi Daniel,

On Thu, Jul 25, 2013 at 11:18:54AM -0400, Daniel Kahn Gillmor wrote:
> Package: gnupg
> Version: 1.4.12-7.1
> Severity: normal
> Tags: security
> 
> http://www.gnupg.org/download/ suggests that 1.4.14 is available from
> upstream.  debian only has 1.4.12.
[...]
> 
>     * Mitigate the Yarom/Falkner flush+reload side-channel attack on
>       RSA secret keys.  See <http://eprint.iacr.org/2013/448>.

Only for reference here: Thjis Kinkhorst requested a CVE for this in [1].

 [1] http://www.openwall.com/lists/oss-security/2013/07/25/15

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to