gnupg (1.4.11-3ubuntu2.12) precise-security; urgency=medium
* SECURITY UPDATE: full RSA key recovery via side-channel attack
- debian/patches/CVE-2017-7526-part1.dpatch: simplify loop in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-part2.dpatch: use same computation for square
and multiply in mpi/mpi-pow.c.
- debian/patches/CVE-2017-7526-part3.dpatch: fix allocation size for mpi_pow
- debian/patches/CVE-2017-7526-part4.dpatch: add exponent blinding in
cipher/rsa.c.
- debian/patches/CVE-2017-7526-part5.dpatch: allow different build directory
- debian/patches/CVE-2017-7526-part6.dpatch: Reduce secmem pressure in
cipher/rsa.c.
- CVE-2017-7526
gnupg (1.4.11-3ubuntu2.11) precise-security; urgency=medium
* SECURITY UPDATE: missing sanitization of verbose output
- debian/patches/CVE-2018-12020.dpatch: Sanitize diagnostic with
the original file name.
- CVE-2018-12020
Date: 2018-08-15 15:37:12.612502+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.12
Sorry, changesfile not available.
--
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/precise-changes