Thank you for your attention to detail. CVE-2017-7526 was fixed in USN-3347-1 and -2 by patching the libgcrypt20 and libgcrypt11 source packages:
https://usn.ubuntu.com/3347-1/ https://usn.ubuntu.com/3347-2/ You can track our work per-cve on https://people.canonical.com/~ubuntu- security/cve/2017/CVE-2017-7526.html and similar pages, which will show the source packages that may be affected by any given CVE. Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7526 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1785176 Title: GnuPG 1.4.23 released on 2018-06-11, addresses CVE-2017-7526 Status in gnupg package in Ubuntu: New Bug description: According to the information at the GnuPG Web site (https://www.gnupg.org/), GnuPG 1.4.23 was released on 2018-06-11 "to address the critical security bug CVE-2017-7526." https://www.gnupg.org/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526 In addition, according to the information on the GnuPG news page (https://www.gnupg.org/news.html) GnuPG 1.4.22 was released on 2017-07-19 "to address the recently published local side channel attack CVE-2017-7526." https://www.gnupg.org/news.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526 On the same page, it is mentioned that GnuPG 1.4.21 was released around 2016-08-17 to address the issue in CVE-2016-6313. https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html (Note that the CVE id in the message is not correct) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313 The changelog for the gnupg package version 1.4.20-1ubuntu3.2 mentions fixes for CVE-2018-12020 and CVE-2016-6313. There is no mention of CVE-2017-7526. http://changelogs.ubuntu.com/changelogs/pool/main/g/gnupg/gnupg_1.4.20-1ubuntu3.2/changelog Your attention to this issue is appreciated. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1785176/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
