[Pkg-gnupg-maint] Bug#717845: gnupg: new upstream version 1.4.14 available
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 25 15:39:37 UTC 2013
Hi Daniel,
On Thu, Jul 25, 2013 at 11:18:54AM -0400, Daniel Kahn Gillmor wrote:
> Package: gnupg
> Version: 1.4.12-7.1
> Severity: normal
> Tags: security
>
> http://www.gnupg.org/download/ suggests that 1.4.14 is available from
> upstream. debian only has 1.4.12.
[...]
>
> * Mitigate the Yarom/Falkner flush+reload side-channel attack on
> RSA secret keys. See <http://eprint.iacr.org/2013/448>.
Only for reference here: Thjis Kinkhorst requested a CVE for this in [1].
[1] http://www.openwall.com/lists/oss-security/2013/07/25/15
Regards,
Salvatore
More information about the Pkg-gnupg-maint
mailing list