Summary: | <app-crypt/gnupg-1.4.21: Critical security vulnerability in RNG (CVE-2016-6313) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alexander, crypto+disabled, k_f |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=591534 | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2016-08-17 17:42:38 UTC
Arches, please stabilize =app-crypt/gnupg-1.4.21 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 commit ff13a198c84b52c2633dd98e013066ef5797b226 Author: Kristian Fiskerstrand <k_f@gentoo.org> Date: Wed Aug 17 19:52:32 2016 +0200 app-crypt/gnupg: Security bump to 1.4.21 Gentoo-Bug: 591536 Package-Manager: portage-2.3.0 amd64 stable Stable for HPPA PPC64. arm stable Stable on alpha. x86 stable sparc stable ppc stable ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Cleanup done long ago CVE-2016-6313 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6313): PRNG output is predictable New GLSA created. This issue was resolved and addressed in GLSA 201612-01 at https://security.gentoo.org/glsa/201612-01 by GLSA coordinator Aaron Bauman (b-man). |