Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
On 2016-08-14 16:00, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> Tags: jessie
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> Dear SRM
>
> I would like to propose the following hardening to src:gnupg2 which was
> found during the analysis of a vulnerability report to the security team
> and related to
> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
> and developed by NIIBE Yutaka. The underlying problem in hardware cannot
> be solved in software (and thus we don't want to issue a DSA for it, and
> give possibly this false impression), and as pointed out by Florian
I wonder if it would be a good idea to release an announcement without
any software change recommending people to not enable KSM on their
hosts?
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net