Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1

To: Salvatore Bonaccorso <carnil@debian.org>, 834327@bugs.debian.org
Subject: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 02 Sep 2016 18:57:12 +0100
Message-id: <[🔎] 1472839032.1009.12.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 834327@bugs.debian.org
In-reply-to: <147118320112.2113.4578147884579144942.reportbug@eldamar.local>
References: <147118320112.2113.4578147884579144942.reportbug@eldamar.local>

Control: tags -1 + moreinfo

On Sun, 2016-08-14 at 16:00 +0200, Salvatore Bonaccorso wrote:
> I would like to propose the following hardening to src:gnupg2 which was
> found during the analysis of a vulnerability report to the security team
> and related to
> https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
> and developed by NIIBE Yutaka. The underlying problem in hardware cannot
> be solved in software (and thus we don't want to issue a DSA for it, and
> give possibly this false impression), and as pointed out by Florian
> there are some other open questions regarding the paper and the attacks
> described there.

I'd like to treat this and the corresponding gnupg update as a unit
(taking both or neither) so holding for now.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: Re: Bug#833345: jessie-pu: package piuparts/0.62+deb8u1
Next by Date: Processed: Re: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
Previous by thread: Processed: Re: Bug#833345: jessie-pu: package piuparts/0.62+deb8u1
Next by thread: Processed: Re: Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
Index(es):
- Date
- Thread