Accepted gnupg 1.4.12-7+deb7u7 (source all amd64) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 04 Mar 2015 18:46:34 +0100
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.12-7+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
gnupg - GNU privacy guard - a free PGP replacement
gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
gpgv - GNU privacy guard - signature verification tool
gpgv-udeb - minimal signature verification tool (udeb)
gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 778652
Changes:
gnupg (1.4.12-7+deb7u7) wheezy-security; urgency=high
.
* Use ciphertext blinding for Elgamal decryption to counteract a
side-channel attack as per CVE-2014-3591
* Fix data-dependent timing variations in the modular exponentiation
function that could be used to mount a side-channel attack as per
CVE-2015-0837
* Fix a use-after-free when importing a garbled keyring file
as per CVE-2015-1606 (Closes: #778652)
Checksums-Sha1:
d3ef8848a37897e81bee18af4da865ca4b6e9168 2322 gnupg_1.4.12-7+deb7u7.dsc
e21c7139d23201b004f7b259968d45f0eca37f33 120475 gnupg_1.4.12-7+deb7u7.debian.tar.gz
df8a0ef18df0fb86167128ac6c31d6709c2f9c6b 617064 gpgv-win32_1.4.12-7+deb7u7_all.deb
c03f15e5ee0fba0b77a51e063db87708aee0e422 1956126 gnupg_1.4.12-7+deb7u7_amd64.deb
bc5c60462be7702988e083cf68c7f8edfcb962a5 64308 gnupg-curl_1.4.12-7+deb7u7_amd64.deb
8dae53bc42d1f35054ce35124da8b92f6097f1c2 228244 gpgv_1.4.12-7+deb7u7_amd64.deb
dbe121bae44db6eb6108311f41997c4ede1178b2 354018 gnupg-udeb_1.4.12-7+deb7u7_amd64.udeb
5d32171182e956f8277d44378b1623bbeae23110 130734 gpgv-udeb_1.4.12-7+deb7u7_amd64.udeb
Checksums-Sha256:
edf571e8ebcdb13404c347d5e51041814eb3d1b1b1d9d02e4b18e84b1c90f831 2322 gnupg_1.4.12-7+deb7u7.dsc
0f9b3f60f6f3d3925f30cef59bdee2fdf3e06930cd00b396f4338b14aee0aa82 120475 gnupg_1.4.12-7+deb7u7.debian.tar.gz
27760f636f6dbfe387dfbede1131fe7a0dd5fd3b0ab562213193ffa7cfcadfb5 617064 gpgv-win32_1.4.12-7+deb7u7_all.deb
2920249908a8297f85006def6a55fb99abfcc8466cac2b9f28d01ce8315df065 1956126 gnupg_1.4.12-7+deb7u7_amd64.deb
b626c3320c0ba2c41c5214bf8175c713f3713cc393e9361a977dc0202c197875 64308 gnupg-curl_1.4.12-7+deb7u7_amd64.deb
8361f45f51a7e70e3367e5b2df59fa8defc8648a76afa4159da3f249460f5b33 228244 gpgv_1.4.12-7+deb7u7_amd64.deb
dd7230f9d025c47e8c94e4101e2970e94aed50ec0c65801f9c7cd0a03d6723e1 354018 gnupg-udeb_1.4.12-7+deb7u7_amd64.udeb
4abcb1191d8a3e58d88fb56084f9d784255ba68c767babc3c2819b7a1a689b78 130734 gpgv-udeb_1.4.12-7+deb7u7_amd64.udeb
Files:
6bcf197234014e47eaef8fde4c1f1353 2322 utils important gnupg_1.4.12-7+deb7u7.dsc
253640158f60258ba671108df2dd5382 120475 utils important gnupg_1.4.12-7+deb7u7.debian.tar.gz
5f15f3ac2f586b95ab21c3f83fd1bf35 617064 utils extra gpgv-win32_1.4.12-7+deb7u7_all.deb
17916456c6e84c434205bad15e98e902 1956126 utils important gnupg_1.4.12-7+deb7u7_amd64.deb
56699ccfefc9bb6c39325d746363c018 64308 utils optional gnupg-curl_1.4.12-7+deb7u7_amd64.deb
91a07e1a42703f0ce59c4a1de60e961d 228244 utils important gpgv_1.4.12-7+deb7u7_amd64.deb
6d90567115ee873d4ce6c87991cfaed0 354018 debian-installer extra gnupg-udeb_1.4.12-7+deb7u7_amd64.udeb
2fda838d1101cc202ddd087c8c98b635 130734 debian-installer extra gpgv-udeb_1.4.12-7+deb7u7_amd64.udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJU/HuHAAoJEK+lG9bN5XPLOxoP/Rfm9JTDRxXpxx92UITduloK
WV1o8/Ad4RbaHoerUETjoWKqIRZ+8nrHNXWQIH1Wrl9eYlnf86fjUY0j+A6p5juR
GbFSwolFk8TA1+r8kTQVzWhIrtY3gnO3OA2F/rflwojZYmXtRj7TBaI/D1VBXkjx
nxg20X7r/mo8EmT1ccRGlDhqxFleL+dqnBOzesSqdaDXvgkSrvyibfX0cSznzrDq
81m687pbuGbFUfQ1xz9pNOU7JqDY5aFPgbDI9+WZsxu78suooNZ73LMssOXio5NZ
7xIU+P8Ngnf6icIccSRl/jT8SRtcroNnPgfm6Eqn1IqXu0j5V5QIrmE6elL1TzYC
oHrduQvfsonpSWPB8Wr0UaOc2LS6ETk+aWhNxNXxrzoawsIaTvE6FQk50MnHn+mZ
OTnmbkhi/0yLxusDOhaq3rOm96qqqLr/Xvkxy82musuxmjRo3y2k1/TycHmpj/pD
V34FGuruj6Z1EF5+m1ct+5jlOEud6Ds6ZsgbEUALPJUMA1EvgBqtMQqe6CsGpZmF
xaR9VR0fL8eTTMHaIJl7N0vWaYNJWHjAHrF+UN4js1TPjBMYOAIJ256Lr2J097x9
CuWC+1KGbKeS+X1AhilUgE69Q2hi7bN0LxrtgGrp1BH7aEDp6FtxEWYj+jGnOfwa
fcJbDt+0XzmfN5tVUVUs
=QvA8
-----END PGP SIGNATURE-----
Reply to: