gnupg (1.4.11-3ubuntu2.12) precise-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-part1.dpatch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part2.dpatch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-part3.dpatch: fix allocation size for mpi_pow
    - debian/patches/CVE-2017-7526-part4.dpatch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-part5.dpatch: allow different build directory
    - debian/patches/CVE-2017-7526-part6.dpatch: Reduce secmem pressure in
      cipher/rsa.c.
    - CVE-2017-7526

gnupg (1.4.11-3ubuntu2.11) precise-security; urgency=medium

  * SECURITY UPDATE: missing sanitization of verbose output
    - debian/patches/CVE-2018-12020.dpatch: Sanitize diagnostic with
      the original file name.
    - CVE-2018-12020

Date: 2018-08-15 15:37:12.612502+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.12
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to