Your message dated Sat, 10 Aug 2013 15:48:14 +0000 with message-id <e1v8boo-0000nd...@franck.debian.org> and subject line Bug#717880: fixed in gnupg 1.4.10-4+squeeze2 has caused the Debian Bug report #717880, regarding gnupg: CVE-2013-4242: Yarom/Falkner flush+reload side-channel attack on RSA secret keys to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 717880: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: gnupg Version: 1.4.12-7 Severity: critical Tags: security Justification: root security hole Hi. There is a fix available upstream for the Yarom/Falkner flush+reload side-channel attack. See this announcement: http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html Cheers, Chris.
--- End Message ---
--- Begin Message ---Source: gnupg Source-Version: 1.4.10-4+squeeze2 We believe that the bug you reported is fixed in the latest version of gnupg, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 717...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst <th...@debian.org> (supplier of updated gnupg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 28 Jul 2013 13:59:06 +0200 Source: gnupg Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb Architecture: source amd64 Version: 1.4.10-4+squeeze2 Distribution: squeeze-security Urgency: high Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org> Changed-By: Thijs Kinkhorst <th...@debian.org> Description: gnupg - GNU privacy guard - a free PGP replacement gnupg-curl - GNU privacy guard - a free PGP replacement (cURL) gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb) gpgv - GNU privacy guard - signature verification tool gpgv-udeb - minimal signature verification tool (udeb) Closes: 717880 Changes: gnupg (1.4.10-4+squeeze2) squeeze-security; urgency=high . * Apply upstream patch to fix side channel attack on RSA (CVE-2013-4242, closes: #717880). Checksums-Sha1: 1396b863f546a59d42e3ddb06d53a05c84fe21ba 1737 gnupg_1.4.10-4+squeeze2.dsc f26f7050e3a286e0d65464967ef3c07dbdc9e490 31433 gnupg_1.4.10-4+squeeze2.diff.gz 2e9ee139fdb0086d197629f0506ad203b47b804c 2147892 gnupg_1.4.10-4+squeeze2_amd64.deb 6ac1a2df090c7da7039d8f08bfca1954d52dcef3 74768 gnupg-curl_1.4.10-4+squeeze2_amd64.deb d6ce4ad428e9962ce97ceafdec788b256e8c3f6a 221740 gpgv_1.4.10-4+squeeze2_amd64.deb b7b1e8a91cb7b0b80cef0e606d292a1c3d9587f6 413318 gnupg-udeb_1.4.10-4+squeeze2_amd64.udeb d0b9a91837e95bc3e719d17fe5c9f5fe87dee596 149534 gpgv-udeb_1.4.10-4+squeeze2_amd64.udeb Checksums-Sha256: 5557a6edd6d0fff667f4cc94a03079ba346620a12d5c9f73075c4afce41cb07b 1737 gnupg_1.4.10-4+squeeze2.dsc ad8bd27d9148c4bcc70a504f5083aca5f983563de8186cfd5efd61dd6d05c3a2 31433 gnupg_1.4.10-4+squeeze2.diff.gz a4d925bc7530ff1bdb568ceecd7e268321d953e73a6108b064345564dd836a21 2147892 gnupg_1.4.10-4+squeeze2_amd64.deb 4c595393ca8eb09c56c77ebca248e5cf2961ffba5e784f306b4106588d8681f1 74768 gnupg-curl_1.4.10-4+squeeze2_amd64.deb 6115c808954f115978d8f84a992c192b9a912fc4e89d4aa8cd4ca46dfcbc17c1 221740 gpgv_1.4.10-4+squeeze2_amd64.deb 45daa272a6a0aea932edd374527dc7f2a58a917d9b58e87b20eddc30d0ef5d1d 413318 gnupg-udeb_1.4.10-4+squeeze2_amd64.udeb 1177bbf1375f440353902b7fc32d4db99de04c86002234ba0db6b5589cd53b1e 149534 gpgv-udeb_1.4.10-4+squeeze2_amd64.udeb Files: 145f5e7f7895d7d46b75b56d6e3c7afb 1737 utils important gnupg_1.4.10-4+squeeze2.dsc 7299e0526f0f508cf6fcce2b2b425c67 31433 utils important gnupg_1.4.10-4+squeeze2.diff.gz 80cee9937fa2a95fb7a40c7390120473 2147892 utils important gnupg_1.4.10-4+squeeze2_amd64.deb 491fea846bfe9f4ce25bf423725f058b 74768 utils optional gnupg-curl_1.4.10-4+squeeze2_amd64.deb 3388f05a25f74feca0b4e44db5fb08de 221740 utils important gpgv_1.4.10-4+squeeze2_amd64.deb 615457ac9e076bc71f841c91f781f9a1 413318 debian-installer extra gnupg-udeb_1.4.10-4+squeeze2_amd64.udeb c00b1d6293d764854ba0d48483e6e843 149534 debian-installer extra gpgv-udeb_1.4.10-4+squeeze2_amd64.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBAgAGBQJR9QpJAAoJEFb2GnlAHawEcPoIAJWshjpnA3VWzAxRiwH4TOep i1dITa5ycJazVEuuYeOd6diz3lz43e+Pm56E64P5nXjjiwIh8nbjJqOsmFPoXvkh UTE3pjJQBu7x55KkdOWTnFd03SmYk2JX4vfKe8mC4OBZ0eBYxAVqu6hZkZkSyseS BW2PzSpbOiXOx6q3QoPW1adm5d09EWMaO3Fr9kL2+otcecH+86ubfoWFj45IVDSF 6LQSbdwKDf8+4uCmD7+sehW2rqObzhVDzg/CAE/1VqTdJJCOMldUPrF1NTFUVs9i WGsShfLs9g81t9XICc/fZdfXsjNhXEUCb1COroM88zfkxLrBfCRIKbDBDqWtOww= =dw+1 -----END PGP SIGNATURE-----
--- End Message ---
