Your message dated Thu, 01 Aug 2013 19:17:06 +0000
with message-id <e1v4yn0-0003pf...@franck.debian.org>
and subject line Bug#717880: fixed in gnupg 1.4.12-7+deb7u1
has caused the Debian Bug report #717880,
regarding gnupg: CVE-2013-4242: Yarom/Falkner flush+reload side-channel attack 
on RSA secret keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
717880: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnupg
Version: 1.4.12-7
Severity: critical
Tags: security
Justification: root security hole


Hi.

There is a fix available upstream for the Yarom/Falkner flush+reload
side-channel attack.

See this announcement:
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html


Cheers,
Chris.

--- End Message ---
--- Begin Message ---
Source: gnupg
Source-Version: 1.4.12-7+deb7u1

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 717...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 28 Jul 2013 12:58:25 +0200
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.12-7+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
 gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 717880
Changes: 
 gnupg (1.4.12-7+deb7u1) wheezy-security; urgency=high
 .
   * Apply upstream patch to fix side channel attack on RSA
     (CVE-2013-4242, closes: #717880).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--- End Message ---
