6 Commits

Author SHA1 Message Date
Baruch Siach
0647268416 gnupg: security bump to version 1.4.23
Fixes CVE-2018-12020: Unsanitized file names might cause injection of
terminal control characters into the status output of gnupg.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-11 21:36:52 +02:00
Baruch Siach
453ca1d6ad gnupg: security bump to version 1.4.22
Mitigate a flush+reload side-channel attack on RSA secret keys
dubbed "Sliding right into disaster".  For details see
<https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

Switch to https site for better firewall compatibility and security.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-08-30 22:07:45 +02:00
Baruch Siach
4debfc914b gnupg: security bump to version 1.4.21
Fixes CVE-2016-6313: An attacker who obtains 580 bytes from the standard RNG
can trivially predict the next 20 bytes of output.

Add cryptographically secure sha256 hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-08-18 10:57:45 +02:00
Gustavo Zacarias
aee96dcc61 gnupg: bump to version 1.4.20
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-20 22:49:04 +01:00
Gustavo Zacarias
b6997c8e4c gnupg: security bump to version 1.4.19
Fixes:
CVE-2014-3591 - Use ciphertext blinding for Elgamal decryption
CVE-2015-0837 - Fixed data-dependent timing variations in modular
exponentiation.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-28 13:04:04 +01:00
Gustavo Zacarias
62e808206d gnupg: add hash file
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-07 12:30:14 +02:00