From ${URL}: We are pleased to announce the availability of a new GnuPG classic release: Version 1.4.19. This release mitigates two new side channel attacks. Updating any GnuPG 1.4 version to 1.4.19 is suggested! To update a GnuPG 2.0 or 2.1 version you need to update the shared library Libgcrypt to version 1.6.3. ## The libgcrypt bump is handled in bug 541564 ## +*gnupg-1.4.19 (27 Feb 2015) + + 27 Feb 2015; Kristian Fiskerstrand <k_f@gentoo.org> +gnupg-1.4.19.ebuild: + Version bump of 1.4 series. This release mitigates two new side channel + # Setting rating to B as the default installation is GnuPG 2.0, however 1.4 is still stabilized.
Arches, please stabilize: =app-crypt/gnupg-1.4.19 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for HPPA.
arm stable
amd64 stable
x86 stable
ia64 stable
ppc stable
ppc64 stable
sparc stable
alpha stable. Maintainer(s), please cleanup. Security, please vote.
Arches, Thank you for your work. GLSA Vote: Yes Maintainer(s), please drop the vulnerable version(s).
Added to existing GLSA request (eb6e5a471)
Maintainer(s), please drop the vulnerable version(s).
+ 11 May 2015; Kristian Fiskerstrand <k_f@gentoo.org> -gnupg-1.4.18.ebuild: + Remove vulnerable version c.f bug #541568 +
This issue was resolved and addressed in GLSA 201606-04 at https://security.gentoo.org/glsa/201606-04 by GLSA coordinator Yury German (BlueKnight)