Bug#834327: jessie-pu: package gnupg2/2.0.26-6+deb8u1
Hi Adam,
On Fri, Sep 02, 2016 at 09:11:21PM +0100, Adam D. Barratt wrote:
> Control: tags -1 -moreinfo +confirmed
>
> On Fri, 2016-09-02 at 18:57 +0100, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > On Sun, 2016-08-14 at 16:00 +0200, Salvatore Bonaccorso wrote:
> > > I would like to propose the following hardening to src:gnupg2 which was
> > > found during the analysis of a vulnerability report to the security team
> > > and related to
> > > https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
> > > and developed by NIIBE Yutaka. The underlying problem in hardware cannot
> > > be solved in software (and thus we don't want to issue a DSA for it, and
> > > give possibly this false impression), and as pointed out by Florian
> > > there are some other open questions regarding the paper and the attacks
> > > described there.
> >
> > I'd like to treat this and the corresponding gnupg update as a unit
> > (taking both or neither) so holding for now.
>
> As that was confirmed, please go ahead.
Thanks! Uploaded.
Regards,
Salvatore
Reply to: