Your message dated Fri, 13 Mar 2015 22:02:04 +0000
with message-id <[email protected]>
and subject line Bug#778652: fixed in gnupg 1.4.12-7+deb7u7
has caused the Debian Bug report #778652,
regarding CVE-2015-1606 CVE-2015-1607 -- multiple issues found in GnuPG 
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
778652: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778652
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg2
Version: 2.0.14-2
Tags: security
Control: notfound -1 2.1.2-1

Several coding errors were discovered in GnuPG 2.0 lately by Hanno Böck
as part of the Fuzzing Project:

  
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html

These changes are in upstream git, but have not been rolled into an
official release yet, except for 2.1.2 on the upstream "modern" branch.

I believe they go back as far as the version in squeeze, possibly
farther.

         --dkg

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
Source: gnupg
Source-Version: 1.4.12-7+deb7u7

We believe that the bug you reported is fixed in the latest version of
gnupg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini <[email protected]> (supplier of updated gnupg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 04 Mar 2015 18:46:34 +0100
Source: gnupg
Binary: gnupg gnupg-curl gpgv gnupg-udeb gpgv-udeb gpgv-win32
Architecture: source all amd64
Version: 1.4.12-7+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: Debian GnuPG-Maintainers <[email protected]>
Changed-By: Alessandro Ghedini <[email protected]>
Description: 
 gnupg      - GNU privacy guard - a free PGP replacement
 gnupg-curl - GNU privacy guard - a free PGP replacement (cURL)
 gnupg-udeb - GNU privacy guard - a free PGP replacement (udeb)
 gpgv       - GNU privacy guard - signature verification tool
 gpgv-udeb  - minimal signature verification tool (udeb)
 gpgv-win32 - GNU privacy guard - signature verification tool (win32 build)
Closes: 778652
Changes: 
 gnupg (1.4.12-7+deb7u7) wheezy-security; urgency=high
 .
   * Use ciphertext blinding for Elgamal decryption to counteract a
     side-channel attack as per CVE-2014-3591
   * Fix data-dependent timing variations in the modular exponentiation
     function that could be used to mount a side-channel attack as per
     CVE-2015-0837
   * Fix a use-after-free when importing a garbled keyring file
     as per CVE-2015-1606 (Closes: #778652)
Checksums-Sha1: 
 d3ef8848a37897e81bee18af4da865ca4b6e9168 2322 gnupg_1.4.12-7+deb7u7.dsc
 e21c7139d23201b004f7b259968d45f0eca37f33 120475 
gnupg_1.4.12-7+deb7u7.debian.tar.gz
 df8a0ef18df0fb86167128ac6c31d6709c2f9c6b 617064 
gpgv-win32_1.4.12-7+deb7u7_all.deb
 c03f15e5ee0fba0b77a51e063db87708aee0e422 1956126 
gnupg_1.4.12-7+deb7u7_amd64.deb
 bc5c60462be7702988e083cf68c7f8edfcb962a5 64308 
gnupg-curl_1.4.12-7+deb7u7_amd64.deb
 8dae53bc42d1f35054ce35124da8b92f6097f1c2 228244 gpgv_1.4.12-7+deb7u7_amd64.deb
 dbe121bae44db6eb6108311f41997c4ede1178b2 354018 
gnupg-udeb_1.4.12-7+deb7u7_amd64.udeb
 5d32171182e956f8277d44378b1623bbeae23110 130734 
gpgv-udeb_1.4.12-7+deb7u7_amd64.udeb
Checksums-Sha256: 
 edf571e8ebcdb13404c347d5e51041814eb3d1b1b1d9d02e4b18e84b1c90f831 2322 
gnupg_1.4.12-7+deb7u7.dsc
 0f9b3f60f6f3d3925f30cef59bdee2fdf3e06930cd00b396f4338b14aee0aa82 120475 
gnupg_1.4.12-7+deb7u7.debian.tar.gz
 27760f636f6dbfe387dfbede1131fe7a0dd5fd3b0ab562213193ffa7cfcadfb5 617064 
gpgv-win32_1.4.12-7+deb7u7_all.deb
 2920249908a8297f85006def6a55fb99abfcc8466cac2b9f28d01ce8315df065 1956126 
gnupg_1.4.12-7+deb7u7_amd64.deb
 b626c3320c0ba2c41c5214bf8175c713f3713cc393e9361a977dc0202c197875 64308 
gnupg-curl_1.4.12-7+deb7u7_amd64.deb
 8361f45f51a7e70e3367e5b2df59fa8defc8648a76afa4159da3f249460f5b33 228244 
gpgv_1.4.12-7+deb7u7_amd64.deb
 dd7230f9d025c47e8c94e4101e2970e94aed50ec0c65801f9c7cd0a03d6723e1 354018 
gnupg-udeb_1.4.12-7+deb7u7_amd64.udeb
 4abcb1191d8a3e58d88fb56084f9d784255ba68c767babc3c2819b7a1a689b78 130734 
gpgv-udeb_1.4.12-7+deb7u7_amd64.udeb
Files: 
 6bcf197234014e47eaef8fde4c1f1353 2322 utils important gnupg_1.4.12-7+deb7u7.dsc
 253640158f60258ba671108df2dd5382 120475 utils important 
gnupg_1.4.12-7+deb7u7.debian.tar.gz
 5f15f3ac2f586b95ab21c3f83fd1bf35 617064 utils extra 
gpgv-win32_1.4.12-7+deb7u7_all.deb
 17916456c6e84c434205bad15e98e902 1956126 utils important 
gnupg_1.4.12-7+deb7u7_amd64.deb
 56699ccfefc9bb6c39325d746363c018 64308 utils optional 
gnupg-curl_1.4.12-7+deb7u7_amd64.deb
 91a07e1a42703f0ce59c4a1de60e961d 228244 utils important 
gpgv_1.4.12-7+deb7u7_amd64.deb
 6d90567115ee873d4ce6c87991cfaed0 354018 debian-installer extra 
gnupg-udeb_1.4.12-7+deb7u7_amd64.udeb
 2fda838d1101cc202ddd087c8c98b635 130734 debian-installer extra 
gpgv-udeb_1.4.12-7+deb7u7_amd64.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU/HuHAAoJEK+lG9bN5XPLOxoP/Rfm9JTDRxXpxx92UITduloK
WV1o8/Ad4RbaHoerUETjoWKqIRZ+8nrHNXWQIH1Wrl9eYlnf86fjUY0j+A6p5juR
GbFSwolFk8TA1+r8kTQVzWhIrtY3gnO3OA2F/rflwojZYmXtRj7TBaI/D1VBXkjx
nxg20X7r/mo8EmT1ccRGlDhqxFleL+dqnBOzesSqdaDXvgkSrvyibfX0cSznzrDq
81m687pbuGbFUfQ1xz9pNOU7JqDY5aFPgbDI9+WZsxu78suooNZ73LMssOXio5NZ
7xIU+P8Ngnf6icIccSRl/jT8SRtcroNnPgfm6Eqn1IqXu0j5V5QIrmE6elL1TzYC
oHrduQvfsonpSWPB8Wr0UaOc2LS6ETk+aWhNxNXxrzoawsIaTvE6FQk50MnHn+mZ
OTnmbkhi/0yLxusDOhaq3rOm96qqqLr/Xvkxy82musuxmjRo3y2k1/TycHmpj/pD
V34FGuruj6Z1EF5+m1ct+5jlOEud6Ds6ZsgbEUALPJUMA1EvgBqtMQqe6CsGpZmF
xaR9VR0fL8eTTMHaIJl7N0vWaYNJWHjAHrF+UN4js1TPjBMYOAIJ256Lr2J097x9
CuWC+1KGbKeS+X1AhilUgE69Q2hi7bN0LxrtgGrp1BH7aEDp6FtxEWYj+jGnOfwa
fcJbDt+0XzmfN5tVUVUs
=QvA8
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to