CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2016/08/26 02:27:48
Modified files:
security/gnupg : Makefile distinfo
Log message:
SECURITY update to gnupg-1.4.21
CVE-2016-6313: * Fix critical security bug in the RNG [CVE-2016-6313].
An attacker who obtains 580 bytes from the standard RNG can trivially
predict the next 20 bytes of output. Problem detected by Felix
Dörre and Vladimir Klebanov, KIT.
Main behavior changes:
- CAST5 -> AES for symmetric encryption
- MD5 sigs rejected by default
ok danj@
