Package : libgcrypt11 Version : 1.4.5-2+squeeze2 CVE ID : CVE-2014-5270 Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack (see http://www.cs.tau.ac.il/~tromer/handsoff/). This is fixed in Squeeze in version 1.4.5-2+squeeze2. We recommend that you upgrade your libgcrypt11 packages. -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature