[Pkg-gnupg-maint] Bug#717845: gnupg: new upstream version 1.4.14 available
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jul 25 15:18:54 UTC 2013
Package: gnupg
Version: 1.4.12-7.1
Severity: normal
Tags: security
http://www.gnupg.org/download/ suggests that 1.4.14 is available from
upstream. debian only has 1.4.12.
According to
http://lists.gnupg.org/pipermail/gnupg-announce/2012q4/000319.html,
1.4.13 contains the following changes:
* Add support for the old cipher algorithm IDEA.
* Minor bug fixes.
* Small changes to better cope with future OpenPGP and GnuPG
features.
and according to
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
1.4.14 contains the following changes:
* Mitigate the Yarom/Falkner flush+reload side-channel attack on
RSA secret keys. See <http://eprint.iacr.org/2013/448>.
* Fixed IDEA for big-endian CPUs
* Improved the diagnostics for failed keyserver lockups.
* Minor bug and portability fixes.
I'm tagging this with "security" because of the security fix in 1.4.14.
Regards,
--dkg
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gnupg depends on:
ii dpkg 1.16.10
ii gpgv 1.4.12-7
ii install-info 5.1.dfsg.1-4
ii libbz2-1.0 1.0.6-4
ii libc6 2.17-7
ii libreadline6 6.2+dfsg-0.1
ii libusb-0.1-4 2:0.1.12-23.2
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages gnupg recommends:
ii gnupg-curl 1.4.12-7.1
ii libldap-2.4-2 2.4.31-1+nmu2
Versions of packages gnupg suggests:
ii eog 3.8.2-1
pn gnupg-doc <none>
ii libpcsclite1 1.8.8-3
ii xloadimage 4.1-21
-- debconf-show failed
More information about the Pkg-gnupg-maint
mailing list