Bug 42102 – gnupg: Multiple issues (4.1)

Bug 42102 - gnupg: Multiple issues (4.1)


Summary:	gnupg: Multiple issues (4.1)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-3-errata
Assigned To:	Arvid Requate
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:	43593
Blocks:	43592
	Show dependency tree / graph

Reported:	2016-08-23 21:04 CEST by Arvid Requate
Modified:	2017-02-21 00:34 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:	4.8 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Flags:	requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2016-08-23 21:04:15 CEST

* libgcrypt: PRNG output is predictable (CVE-2016-6313)

+++ This bug was initially created as a clone of Bug #42101 +++

Comment 1 Arvid Requate

2016-08-29 22:17:10 CEST

Upstream Debian package version 1.4.12-7+deb7u8 fixes the issue above.

Comment 2 Arvid Requate

2016-10-18 15:39:51 CEST

Imported and built in errata4.1-3, UCS patch merged manually from UCS 4.0.
Package update worked (amd64).

Advisory: gnupg.yaml

Comment 3 Philipp Hahn

2016-10-19 09:14:46 CEST

OK: errata-announce -V --only gnupg.yaml
OK: gnupg.yaml

OK: aptitude search --disable-columns -F '%p %V %v' '?source-package(gnupg)~i'
OK: zless /usr/share/doc/gnupg/changelog.Debian.gz
OK: /usr/share/doc/gnupg/changelog.Debian.gz # 1.4.12-7+deb7u8
OK: gpgv --keyring /etc/apt/trusted.gpg /var/lib/apt/lists/univention-repository.knut.univention.de_4.1_maintained_4.1-0_all_Release{.gpg,}
OK: gpg --keyring /etc/apt/trusted.gpg --verify /var/lib/apt/lists/univention-repository.knut.univention.de_4.1_maintained_4.1-0_all_Release{.gpg,}
OK: gpg --gen-key
OK: debsign

Comment 4 Janek Walkenhorst

2016-10-20 12:40:30 CEST

<http://errata.software-univention.de/ucs/4.1/306.html>