-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libtomcrypt Version : 1.17-3.2+deb7u1 CVE ID : CVE-2016-6129
It was discovered that the implementation of RSA signature verification in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If an RSA key with exponent 3 is used it may be possible to forge a PKCS#1 v1.5 signature signed by that key. For Debian 7 "Wheezy", these problems have been fixed in version 1.17-3.2+deb7u1. We recommend that you upgrade your libtomcrypt packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer - Debian developer -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXz0OwAAoJEFJi5/9JEEn+YawQALdWdn1k3ScW6bJubCEFe9+0 QDxAqf/OkUK9luZ4wxe4fVdbm1M8r4204Qkh2ljYyMlr6ueRcW7R1UoXm9OUuhYX zcHUaYNuKTCYocihMSv1yYwfjl+tH2WNTtfltOv5+rdJcgd3UHHi/A5bUI2DNM0Q ED14FqntEQjG1l7o/CHijJZGFkKLt+FyEG5zkvgHbkF7KqwtaN8fbCfnPEMtRCRB JmEb8uIeqyAthpAoEIOUtxW3Y7wtRKALtI9/PsdbcDVej/7TdKaiA1TmDONkExLb wotkMXPe91/qYcDpZeH0AizKJXQTSae66REGD54MzpmoTkBr2R05psmanapoduRD 8sBzjg63gsi7SS7scZeYvJ2YjQfJ+rT/YU5HgcLBgsdEU8sZZANsxNe85SatcoUu CzUc0/4nHD+vAn1mGrExvguP01PjiMVSIXzN6SpN9/8Q7I161j7HvDbT/N5ryx5N ryR2DiXVrO1yxSPypkUdg/k3kyZ07VVnSV7zE/Z1n7oG+TuQjLCQ9PS0Jpdvj+xq n1oNbIoS8mNoUqUenZ7tcHPlLHmjDK7a+aMxyuyUFYq3b/Ng+oWVKcAEWu5vx8fc WHXAR4+OdS5vlDelbzsd/0vL1y63sCpF0gxd/aSNgWVHypgpneyWtIvK1W64iPb+ E9WjcC2EsA0PI2Gt3U/e =27/v -----END PGP SIGNATURE-----