-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 04 Mar 2015 18:46:34 +0100 Source: gnupg Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32 Architecture: source all amd64 Version: 1.4.12-7+deb7u7 Distribution: wheezy-security Urgency: high Maintainer: Debian GnuPG-Maintainers <[email protected]> Changed-By: Alessandro Ghedini <[email protected]> Description: gnupg - GNU privacy guard - a free PGP replacement gnupg-curl - GNU privacy guard - a free PGP replacement (cURL) gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb) gpgv - GNU privacy guard - signature verification tool gpgv-udeb - minimal signature verification tool (udeb) gpgv-win32 - GNU privacy guard - signature verification tool (win32 build) Closes: 778652 Changes: gnupg (1.4.12-7+deb7u7) wheezy-security; urgency=high . * Use ciphertext blinding for Elgamal decryption to counteract a side-channel attack as per CVE-2014-3591 * Fix data-dependent timing variations in the modular exponentiation function that could be used to mount a side-channel attack as per CVE-2015-0837 * Fix a use-after-free when importing a garbled keyring file as per CVE-2015-1606 (Closes: #778652) Checksums-Sha1: d3ef8848a37897e81bee18af4da865ca4b6e9168 2322 gnupg_1.4.12-7+deb7u7.dsc e21c7139d23201b004f7b259968d45f0eca37f33 120475 gnupg_1.4.12-7+deb7u7.debian.tar.gz df8a0ef18df0fb86167128ac6c31d6709c2f9c6b 617064 gpgv-win32_1.4.12-7+deb7u7_all.deb c03f15e5ee0fba0b77a51e063db87708aee0e422 1956126 gnupg_1.4.12-7+deb7u7_amd64.deb bc5c60462be7702988e083cf68c7f8edfcb962a5 64308 gnupg-curl_1.4.12-7+deb7u7_amd64.deb 8dae53bc42d1f35054ce35124da8b92f6097f1c2 228244 gpgv_1.4.12-7+deb7u7_amd64.deb dbe121bae44db6eb6108311f41997c4ede1178b2 354018 gnupg-udeb_1.4.12-7+deb7u7_amd64.udeb 5d32171182e956f8277d44378b1623bbeae23110 130734 gpgv-udeb_1.4.12-7+deb7u7_amd64.udeb Checksums-Sha256: edf571e8ebcdb13404c347d5e51041814eb3d1b1b1d9d02e4b18e84b1c90f831 2322 gnupg_1.4.12-7+deb7u7.dsc 0f9b3f60f6f3d3925f30cef59bdee2fdf3e06930cd00b396f4338b14aee0aa82 120475 gnupg_1.4.12-7+deb7u7.debian.tar.gz 27760f636f6dbfe387dfbede1131fe7a0dd5fd3b0ab562213193ffa7cfcadfb5 617064 gpgv-win32_1.4.12-7+deb7u7_all.deb 2920249908a8297f85006def6a55fb99abfcc8466cac2b9f28d01ce8315df065 1956126 gnupg_1.4.12-7+deb7u7_amd64.deb b626c3320c0ba2c41c5214bf8175c713f3713cc393e9361a977dc0202c197875 64308 gnupg-curl_1.4.12-7+deb7u7_amd64.deb 8361f45f51a7e70e3367e5b2df59fa8defc8648a76afa4159da3f249460f5b33 228244 gpgv_1.4.12-7+deb7u7_amd64.deb dd7230f9d025c47e8c94e4101e2970e94aed50ec0c65801f9c7cd0a03d6723e1 354018 gnupg-udeb_1.4.12-7+deb7u7_amd64.udeb 4abcb1191d8a3e58d88fb56084f9d784255ba68c767babc3c2819b7a1a689b78 130734 gpgv-udeb_1.4.12-7+deb7u7_amd64.udeb Files: 6bcf197234014e47eaef8fde4c1f1353 2322 utils important gnupg_1.4.12-7+deb7u7.dsc 253640158f60258ba671108df2dd5382 120475 utils important gnupg_1.4.12-7+deb7u7.debian.tar.gz 5f15f3ac2f586b95ab21c3f83fd1bf35 617064 utils extra gpgv-win32_1.4.12-7+deb7u7_all.deb 17916456c6e84c434205bad15e98e902 1956126 utils important gnupg_1.4.12-7+deb7u7_amd64.deb 56699ccfefc9bb6c39325d746363c018 64308 utils optional gnupg-curl_1.4.12-7+deb7u7_amd64.deb 91a07e1a42703f0ce59c4a1de60e961d 228244 utils important gpgv_1.4.12-7+deb7u7_amd64.deb 6d90567115ee873d4ce6c87991cfaed0 354018 debian-installer extra gnupg-udeb_1.4.12-7+deb7u7_amd64.udeb 2fda838d1101cc202ddd087c8c98b635 130734 debian-installer extra gpgv-udeb_1.4.12-7+deb7u7_amd64.udeb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJU/HuHAAoJEK+lG9bN5XPLOxoP/Rfm9JTDRxXpxx92UITduloK WV1o8/Ad4RbaHoerUETjoWKqIRZ+8nrHNXWQIH1Wrl9eYlnf86fjUY0j+A6p5juR GbFSwolFk8TA1+r8kTQVzWhIrtY3gnO3OA2F/rflwojZYmXtRj7TBaI/D1VBXkjx nxg20X7r/mo8EmT1ccRGlDhqxFleL+dqnBOzesSqdaDXvgkSrvyibfX0cSznzrDq 81m687pbuGbFUfQ1xz9pNOU7JqDY5aFPgbDI9+WZsxu78suooNZ73LMssOXio5NZ 7xIU+P8Ngnf6icIccSRl/jT8SRtcroNnPgfm6Eqn1IqXu0j5V5QIrmE6elL1TzYC oHrduQvfsonpSWPB8Wr0UaOc2LS6ETk+aWhNxNXxrzoawsIaTvE6FQk50MnHn+mZ OTnmbkhi/0yLxusDOhaq3rOm96qqqLr/Xvkxy82musuxmjRo3y2k1/TycHmpj/pD V34FGuruj6Z1EF5+m1ct+5jlOEud6Ds6ZsgbEUALPJUMA1EvgBqtMQqe6CsGpZmF xaR9VR0fL8eTTMHaIJl7N0vWaYNJWHjAHrF+UN4js1TPjBMYOAIJ256Lr2J097x9 CuWC+1KGbKeS+X1AhilUgE69Q2hi7bN0LxrtgGrp1BH7aEDp6FtxEWYj+jGnOfwa fcJbDt+0XzmfN5tVUVUs =QvA8 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
