Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1

To: Salvatore Bonaccorso <carnil@debian.org>, 834327@bugs.debian.org
Subject: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Mon, 15 Aug 2016 14:59:43 +0200
Message-id: <[🔎] 20160815125943.ihfkqpm2gpcqutpi@aurel32.net>
Reply-to: Aurelien Jarno <aurelien@aurel32.net>, 834327@bugs.debian.org
In-reply-to: <[🔎] 147118320112.2113.4578147884579144942.reportbug@eldamar.local>
References: <[🔎] 147118320112.2113.4578147884579144942.reportbug@eldamar.local>

On 2016-08-14 16:00, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> Dear SRM
> 
> I would like to propose the following hardening to src:gnupg2 which was
> found during the analysis of a vulnerability report to the security team
> and related to
> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
> and developed by NIIBE Yutaka. The underlying problem in hardware cannot
> be solved in software (and thus we don't want to issue a DSA for it, and
> give possibly this false impression), and as pointed out by Florian

I wonder if it would be a good idea to release an announcement without
any software change recommending people to not enable KSM on their
hosts?

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

Reply to:

References:
- Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
Next by Date: Bug#834419: jessie-pu: package glibc/2.19-18+deb8u6
Previous by thread: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
Next by thread: Re: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
Index(es):
- Date
- Thread