Package: gnupg2 Version: 2.0.19-1 Severity: important Control: forwarded -1 https://lists.gnupg.org/pipermail/gnupg-users/2015-May/053685.html Control: fixed -1 2.0.23-1 Tags: patch upstream User: pkg-gnupg-ma...@lists.alioth.debian.org Usertags: ecc wheezy
NIIBE Yutaka points out a potential DoS issue with : > Another compatibility issue with ECC was reported to gnupg-users, > and this is my post (the context is Ubuntu with GnuPG 2.0.22): > > https://lists.gnupg.org/pipermail/gnupg-users/2015-May/053685.html > > The situation is a bit complicated. It depends on libgcrypt. In > GnuPG 2.0.23, it introduced compatibility work around to disables ECC > (even when libgcrypt supports ECC). > > I think that squeeze-lts doesn't have this problem since libgcrypt in > sqeeze-lts doesn't have ECC feature. wheezy-backports doesn't have > this problem because its GnuPG is 2.0.25. > > wheezy has this particular issue because it's libgcrypt is new and > GnuPG is old. This is probably something that we should fix in a wheezy point release, if there is going to be another one. The upstream patch (applicable between versions 2.0.22 and 2.0.23 is at http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6286d01ba33b963be30fbb4fba6f35f1b05acd17 I'm looking into what it would take to backport this to our 2.0.19 wheezy branch. --dkg -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org