Package: libgmp10 Version: 2:5.0.3+dfsg-1 Severity: grave File: libgmp Tags: upstream
Date: Tue, 31 Jan 2012 10:31:41 +0100 From: Torbjorn Granlund <t...@gmplib.org> To: gmp-annou...@gmplib.org Subject: Buffer overrun in GMP 5.0.3 We have a buffer overrun in GMP 5.0.3, furthermore the functions affected are mpz_powm_sec and mpn_powm_sec, i.e. GMP's modexp functions specifically recommended for cryptographic applications. Extra safe turned extra unsafe with this release. We will make a new release before the end of this week. Only GMP 5.0.3 is affected; earlier GMP releases did not have this bug. We apologise for the problems this creates. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libgmp10 depends on: ii libc6 2.13-26 ii multiarch-support 2.13-26 libgmp10 recommends no packages. libgmp10 suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
