Package: gnupg Version: 1.4.12-7.1 Severity: normal Tags: security http://www.gnupg.org/download/ suggests that 1.4.14 is available from upstream. debian only has 1.4.12.
According to http://lists.gnupg.org/pipermail/gnupg-announce/2012q4/000319.html, 1.4.13 contains the following changes: * Add support for the old cipher algorithm IDEA. * Minor bug fixes. * Small changes to better cope with future OpenPGP and GnuPG features. and according to http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html 1.4.14 contains the following changes: * Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See <http://eprint.iacr.org/2013/448>. * Fixed IDEA for big-endian CPUs * Improved the diagnostics for failed keyserver lockups. * Minor bug and portability fixes. I'm tagging this with "security" because of the security fix in 1.4.14. Regards, --dkg -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnupg depends on: ii dpkg 1.16.10 ii gpgv 1.4.12-7 ii install-info 5.1.dfsg.1-4 ii libbz2-1.0 1.0.6-4 ii libc6 2.17-7 ii libreadline6 6.2+dfsg-0.1 ii libusb-0.1-4 2:0.1.12-23.2 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages gnupg recommends: ii gnupg-curl 1.4.12-7.1 ii libldap-2.4-2 2.4.31-1+nmu2 Versions of packages gnupg suggests: ii eog 3.8.2-1 pn gnupg-doc <none> ii libpcsclite1 1.8.8-3 ii xloadimage 4.1-21 -- debconf-show failed -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

