This bug was fixed in the package gnupg - 1.4.18-6ubuntu1 --------------- gnupg (1.4.18-6ubuntu1) vivid; urgency=medium
* Resynchronise with Debian (LP: #1371766). Remaining changes: - Disable mlock() test since it fails with ulimit 0 (on buildds). - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default. - Only suggest gnupg-curl and libldap; recommendations are pulled into minimal, and we don't need the keyserver utilities in a minimal Ubuntu system. - Remove the Win32 build. - Build using dh-autoreconf. - Disable inline assembler for ppc64el. - Enable SHA-512 support in gpgv-udeb. gnupg (1.4.18-6) unstable; urgency=medium * revert to debhelper 7 * simplify upstream doc synchronization. gnupg (1.4.18-5) unstable; urgency=medium [ Daniel Kahn Gillmor ] * move to debhelper 9 * add build and runtime support for larger RSA keys (Closes: #739424) * fix runtime errors on bad input (Closes: #771987) * deprecate insecure one-argument variant for gpg --verify of detached signatures (Closes: #771992) * sync documentation with upstream. * Standards-Version: bump to 3.9.6 (no changes needed). [ David Prévot ] * Update POT and PO files, and ensure the translations get rebuild * Update French translation (Closes: #769571) * Update Danish Translation, thanks to Joe Hansen * Update Ukrainian translation, thanks to Yuri Chornoivan * Update Russian translation, thanks to Ineiev * Update Chinese (traditional) translation, thanks to Jedi Lin * Update Italian translation, thanks to Milo Casagrande * Update Polish translation, thanks to Jakub Bogusz * Update Spanish translation, thanks to Manuel "Venturi" Porras Peralta (Closes: #770726) * Update Dutch translation, thanks to Frans Spiesschaert (Closes: #770816) * Update Czech translation, thanks to Roman Pavlik -- Colin Watson <cjwat...@ubuntu.com> Tue, 20 Jan 2015 17:20:15 +0000 ** Changed in: gnupg (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gnupg in Ubuntu. https://bugs.launchpad.net/bugs/1371766 Title: Latest CVE-2014-5270 patch breaks ElGamal keys of 16k Status in gnupg package in Ubuntu: Fix Released Status in gnupg package in Debian: Fix Released Bug description: I'm currenty using Ubuntu 12.04.5 LTS, 32-bit. This is what i get with GnuPG version 1.4.11-3ubuntu2.6 using Enigmail (correct behavior): 2014-09-19 13:44:09.630 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --encrypt-to 0x135C7291 - r 0x0B7D1987135C7291 -u 0x135C7291 2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=16, sendFlags=00000142, outputLen=5768 2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message: gpg: 0x0B7D1987135C7291: skipped: public key already present [GNUPG:] BEGIN_ENCRYPTION 2 9 [GNUPG:] END_ENCRYPTION 2014-09-19 13:44:40.548 [DEBUG] enigmailCommon.jsm: parseErrorOutput: statusFlags = 80000000 2014-09-19 13:44:40.549 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.keySelection(): return toAddrStr="0x0B7D1987135C7291" bccAddrStr="" 2014-09-19 13:44:40.550 [DEBUG] enigmailMsgComposeOverlay.js: hasAttachments = false 2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorGetContentAs 2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.replaceEditorText: 2014-09-19 13:44:40.556 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorInsertText 2014-09-19 13:44:40.569 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorInsertText 2014-09-19 13:44:40.573 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorGetContentAs 2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.editorGetCharset 2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComposeOverlay.js: Enigmail.msg.encryptMsg: charset=utf-8 2014-09-19 13:44:40.575 [DEBUG] enigmail.js: Enigmail.encryptMessage: 9 bytes from 0x135C7291 to 0x0B7D1987135C7291 (67) 2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: encryptMessageStart: uiFlags=1, from 0x135C7291 to 0x0B7D1987135C7291, hashAlgorithm=null (00000043) 2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: getEncryptCommand: hashAlgorithm=null 2014-09-19 13:44:40.577 enigmailCommon.jsm: execStart: command = /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291, needPassphrase=1, domWindow=[object ChromeWindow], listener=[object Object] 2014-09-19 13:44:40.577 [DEBUG] enigmailCommon.jsm: getPassphrase: 2014-09-19 13:44:40.578 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291 --use-agent 2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=1, sendFlags=00000043, outputLen=5906 2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message: [GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby <ci...@autistici.org> [GNUPG:] NEED_PASSPHRASE 0B7D1987135C7291 0B7D1987135C7291 17 0 [GNUPG:] GOOD_PASSPHRASE gpg: 0x0B7D1987135C7291: skipped: public key already present [GNUPG:] BEGIN_SIGNING [GNUPG:] SIG_CREATED S 17 10 01 1411152280 D0178161A8FA6E506BD07C000B7D1987135C7291 [GNUPG:] BEGIN_ENCRYPTION 2 9 [GNUPG:] END_ENCRYPTION This is what i get with GnuPG version 1.4.11-3ubuntu2.7 using Enigmail (incorrect behavior): 2014-09-18 22:41:19.504 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign --encrypt-to 0x135 C7291 -r 0x834AC0577A169C63 -u 0x135C7291 --use-agent 2014-09-18 22:41:37.732 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: uiFlags=1, sendFlags=00000043, outputLen=0 2014-09-18 22:41:37.733 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status message: [GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby <ci...@autistici.org> [GNUPG:] NEED_PASSPHRASE 0B7D1987135C7291 0B7D1987135C7291 17 0 [GNUPG:] GOOD_PASSPHRASE gpg: out of secure memory while allocating 2048 bytes gpg: (this may be caused by too many secret keys used simultaneously or due to excessive large key sizes) Obviously, the latest security patch breaks ElGamal encryption with large keys (in this case, 16384 bytes). Although GnuPG doesn't allow to generate these keys, the PGP standard (and GnuPG itself) supports large key sizes. Please review the latest patch and make sure that all key sizes are supported. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1371766/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp