Date: Sat, 17 Aug 2013 07:56:12 +0000 (UTC) From: Brendan Fabeny <bf@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r324830 - in head/security: libgcrypt vuxml Message-ID: <201308170756.r7H7uCEF004913@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bf Date: Sat Aug 17 07:56:12 2013 New Revision: 324830 URL: http://svnweb.freebsd.org/changeset/ports/324830 Log: Update security/libgcrypt to 1.5.3 [1], and document the latest gnupg and libgcrypt vulnerability PR: 181231 Submitted by: Hirohisa Yamaguchi (maintainer) [1] Security: http://www.vuxml.org/freebsd/689c2bf7-0701-11e3-9a25-002590860428.html Modified: head/security/libgcrypt/Makefile head/security/libgcrypt/distinfo (contents, props changed) head/security/vuxml/vuln.xml Modified: head/security/libgcrypt/Makefile ============================================================================== --- head/security/libgcrypt/Makefile Sat Aug 17 07:44:35 2013 (r324829) +++ head/security/libgcrypt/Makefile Sat Aug 17 07:56:12 2013 (r324830) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= libgcrypt -PORTVERSION= 1.5.2 +PORTVERSION= 1.5.3 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GNUPG} MASTER_SITE_SUBDIR= ${PORTNAME} Modified: head/security/libgcrypt/distinfo ============================================================================== --- head/security/libgcrypt/distinfo Sat Aug 17 07:44:35 2013 (r324829) +++ head/security/libgcrypt/distinfo Sat Aug 17 07:56:12 2013 (r324830) @@ -1,2 +1,2 @@ -SHA256 (libgcrypt-1.5.2.tar.bz2) = e41a4339f50294f3c925f2f71aaf2427eb162d2994da91666dfc32621afe963f -SIZE (libgcrypt-1.5.2.tar.bz2) = 1507418 +SHA256 (libgcrypt-1.5.3.tar.bz2) = bcf5334e7da352c45de6aec5d2084ce9a1d30029ff4a4a5da13f1848874759d1 +SIZE (libgcrypt-1.5.3.tar.bz2) = 1508530 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Aug 17 07:44:35 2013 (r324829) +++ head/security/vuxml/vuln.xml Sat Aug 17 07:56:12 2013 (r324830) @@ -51,6 +51,41 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="689c2bf7-0701-11e3-9a25-002590860428"> + <topic>GnuPG and Libgcrypt -- side-channel attack vulnerability</topic> + <affects> + <package> + <name>gnupg</name> + <range><lt>1.4.14</lt></range> + </package> + <package> + <name>libgcrypt</name> + <range><lt>1.5.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Werner Koch of the GNU project reports:</p> + <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html">; + <p>Noteworthy changes in version 1.5.3:</p> + <p>Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys...</p> + <p>Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above + problem. The fix for GnuPG less than 2.0 can be found in the just released GnuPG + 1.4.14.</p> + </blockquote> + </body> + </description> + <references> + <url>http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html</url>; + <url>http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html</url>; + <url>http://eprint.iacr.org/2013/448</url>; + </references> + <dates> + <discovery>2013-07-18</discovery> + <entry>2013-08-17</entry> + </dates> + </vuln> + <vuln vid="2b2f6092-0694-11e3-9e8e-000c29f6ae42"> <topic>puppet -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308170756.r7H7uCEF004913>