Your message dated Sat, 27 Jul 2013 07:03:01 +0000
with message-id <e1v2ywr-0004x1...@franck.debian.org>
and subject line Bug#717880: fixed in gnupg 1.4.14-1
has caused the Debian Bug report #717880,
regarding gnupg: CVE-2013-4242: Yarom/Falkner flush+reload side-channel attack
on RSA secret keys
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
717880: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnupg
Version: 1.4.12-7
Severity: critical
Tags: security
Justification: root security hole
Hi.
There is a fix available upstream for the Yarom/Falkner flush+reload
side-channel attack.
See this announcement:
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
Cheers,
Chris.
--- End Message ---
--- Begin Message ---
Source: gnupg
Source-Version: 1.4.14-1
We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 717...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated gnupg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 25 Jul 2013 21:50:32 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.14-1
Distribution: unstable
Urgency: low
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description:
gnupg - GNU privacy guard - a free PGP replacement
gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
gpgv - GNU privacy guard - signature verification tool
gpgv-udeb - minimal signature verification tool (udeb)
gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 399904 691392 717845 717880
Changes:
gnupg (1.4.14-1) unstable; urgency=low
.
* New upstream release (closes: #717845).
- Adds IDEA support. Update package description.
- Fixes security issue: side channel attack on RSA.
(CVE-2013-4242, closes: #717880).
- Fixes list-keys hanging at ctrl-C (closes: #399904).
* Add more smartcard reader udev rules, thanks Niibe Yutaka
(closes: #691392).
* Checked for policy 3.9.4, no changes.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---