Re: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1

To: debian-release@lists.debian.org
Subject: Re: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 17 Aug 2016 23:51:14 +0200
Message-id: <[🔎] slrnnr9n2i.nqk.jmm@inutil.org>
References: <[🔎] 147118320112.2113.4578147884579144942.reportbug@eldamar.local> <20160815125943.ihfkqpm2gpcqutpi__15273.0018985041$1471266281$gmane$org@aurel32.net>

Aurelien Jarno <aurelien@aurel32.net> schrieb:
> On 2016-08-14 16:00, Salvatore Bonaccorso wrote:
>> Package: release.debian.org
>> Severity: normal
>> Tags: jessie
>> User: release.debian.org@packages.debian.org
>> Usertags: pu
>> 
>> Dear SRM
>> 
>> I would like to propose the following hardening to src:gnupg2 which was
>> found during the analysis of a vulnerability report to the security team
>> and related to
>> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
>> and developed by NIIBE Yutaka. The underlying problem in hardware cannot
>> be solved in software (and thus we don't want to issue a DSA for it, and
>> give possibly this false impression), and as pointed out by Florian
>
> I wonder if it would be a good idea to release an announcement without
> any software change recommending people to not enable KSM on their
> hosts?

I think a NEWS file for the kernel would be best?

Cheers,
        Moritz

Reply to:

References:
- Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Processed: Re: Bug#834326: jessie-pu: package gnupg/1.4.18-7+deb8u2
Next by Date: Bug#834745: jessie-pu: package dwarfutils/20120410-2+deb8u1
Previous by thread: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
Next by thread: Bug#834419: jessie-pu: package glibc/2.19-18+deb8u6
Index(es):
- Date
- Thread