Hi everyone,

I've prepared an upload for LTS to fix the following issues:

* Avoid infinite loop in uncompressing garbled packets.
* Fix for CVE-2014-5270: side-channel attacks on Elgamal encryption subkeys.
* Filter responses from keyservers to ensure that only keys that were requested are actually imported.

As gnupg is a fairly important package, I'd appreciate it if a couple of other people could give it a whirl. The packages are available from:

http://people.debian.org/~mpalmer/gnupg/

I've signed the .dsc and .changes with my Debian key, so you can verify that they're legit. I've only got amd64 packages up there; if you're running i386, I assume you know how to build your own.

I'm intending on uploading the package at 2014-09-13 0000 GMT (a little over 24 hours from the time I'm writing this message) unless I get some sort of indication that the package is not behaving appropriately. So, if you do find any regressions, or you can still reproduce any of the above issues with the fixed packages, please let me know before then.

- Matt
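For testers checking the signed .dsc mentioned above, an added example (not part of Matt's message or of the package): the clearsign signature covers only the .dsc text, so the source files are trusted only through the hashes listed inside it. This sketch assumes the signature itself has already been checked with `gpg --verify`; the file name and contents are constructed, and the signature block is a placeholder.

```python
import hashlib
import tempfile
from pathlib import Path

def signed_body(clearsigned):
    """Return only the text covered by the clearsign signature."""
    lines = clearsigned.splitlines()
    # Armor headers ("Hash: ...") end at the first blank line after the marker.
    blank = lines.index("", lines.index("-----BEGIN PGP SIGNED MESSAGE-----"))
    return "\n".join(lines[blank + 1:lines.index("-----BEGIN PGP SIGNATURE-----")])

def sha256_entries(body):
    """Parse the Checksums-Sha256 field into {filename: (hexdigest, size)}."""
    entries, in_field = {}, False
    for line in body.splitlines():
        if in_field and line.startswith(" "):
            digest, size, name = line.split()
            entries[name] = (digest, int(size))
        else:
            in_field = line.startswith("Checksums-Sha256:")
    return entries

def check_files(dsc_text, directory):
    """Map each file named in the .dsc to 'ok', 'missing' or 'mismatch'."""
    results = {}
    for name, (digest, size) in sha256_entries(signed_body(dsc_text)).items():
        path = Path(directory) / Path(name).name  # never resolve outside directory
        if not path.is_file():
            results[name] = "missing"
            continue
        data = path.read_bytes()
        ok = len(data) == size and hashlib.sha256(data).hexdigest() == digest
        results[name] = "ok" if ok else "mismatch"
    return results

def demo():
    """Constructed sample: check a file, tamper with it, check again."""
    name, data = "example_1.0.orig.tar.gz", b"constructed tarball bytes\n"
    dsc = "\n".join([
        "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA256", "", "Source: example",
        "Checksums-Sha256:", f" {hashlib.sha256(data).hexdigest()} {len(data)} {name}",
        "", "-----BEGIN PGP SIGNATURE-----", "", "(placeholder)", "-----END PGP SIGNATURE-----"])
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / name
        target.write_bytes(data)
        before = check_files(dsc, d)
        target.write_bytes(data + b"tampered")
        after = check_files(dsc, d)
    return before, after
```

Text placed before the signed region is ignored by `signed_body`, so checksum lines prepended to a validly signed file are not honoured.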