From 0ba78399f462618156c5853822eb8d73a297289b Mon Sep 17 00:00:00 2001 From: Yong Zhang Date: Wed, 26 Mar 2014 16:32:13 +0800 Subject: gnupg: CVE-2013-4576 GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE. (From OE-Core rev: 46b80c80b0e008820b34f4360054e1697df2650d) Signed-off-by: Yong Zhang Signed-off-by: Jackie Huang Signed-off-by: Richard Purdie --- meta/recipes-support/gnupg/gnupg_1.4.7.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-support/gnupg/gnupg_1.4.7.bb') diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index 83d8fabb5d..e8f797d4f4 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb @@ -16,6 +16,7 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ file://GnuPG1-CVE-2012-6085.patch \ file://curl_typeof_fix_backport.patch \ file://CVE-2013-4351.patch \ + file://CVE-2013-4576.patch \ " SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" -- cgit v1.2.3-54-g00ecf