Well, the first commit just limits the key generation size. I'm fine with that, but breaking GnuPG for _currently_ used keys is a totally different matter. I have been using this key for a while (let's say, a year and a half?) without any problems. This, for me, is clearly a regression. The second bug doesn't really explain anything about this specific case, as the Ubuntu package broke only with the latest security update. So, my question is: is there a way to fix CVE-2014-5270 _and_ retain compatibility with currently used keys?
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-5270

https://bugs.launchpad.net/bugs/1371766
Title: Latest CVE-2014-5270 patch breaks ElGamal keys of 16k