Control: tags -1 + pending Hi,
On Fri, 2016-09-02 at 22:45 +0200, Salvatore Bonaccorso wrote: > Hi Adam, > > On Fri, Sep 02, 2016 at 09:11:21PM +0100, Adam D. Barratt wrote: > > Control: tags -1 -moreinfo +confirmed > > > > On Fri, 2016-09-02 at 18:57 +0100, Adam D. Barratt wrote: > > > Control: tags -1 + moreinfo > > > > > > On Sun, 2016-08-14 at 16:00 +0200, Salvatore Bonaccorso wrote: > > > > I would like to propose the following hardening to src:gnupg2 which was > > > > found during the analysis of a vulnerability report to the security team > > > > and related to > > > > https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf > > > > and developed by NIIBE Yutaka. The underlying problem in hardware cannot > > > > be solved in software (and thus we don't want to issue a DSA for it, and > > > > give possibly this false impression), and as pointed out by Florian > > > > there are some other open questions regarding the paper and the attacks > > > > described there. > > > > > > I'd like to treat this and the corresponding gnupg update as a unit > > > (taking both or neither) so holding for now. > > > > As that was confirmed, please go ahead. > > Thanks! Uploaded. Flagged for acceptance; thanks. Regards, Adam