dev-libs/libgcrypt-1.5.3: http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html
app-crypt/gnupg-1.4.14: http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
Arches, please stabilize:
=dev-libs/libgcrypt-1.5.3
Target keywords: alpha,amd64,arm,hppa,ia64,m68k,ppc,ppc64,s390,sh,sparc,x86
and
=app-crypt/gnupg-1.4.14
Target keywords: alpha,amd64,arm,hppa,ia64,ppc,ppc64,s390,sh,sparc,x86
amd64 stable
Stable for HPPA.
x86 stable
ppc stable
arm stable
alpha stable
ia64 stable
ppc64 stable
s390 stable
sparc stable
sh stable
CVE-2013-4242 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4242): GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
GLSA vote: yes
m68k gone from stable, removing from CC. @maintainers: clean affected, please. GLSA vote: yes, added to existing draft.
crypto done
This is A for libgcrypt
Maintainer(s), please drop the vulnerable version.
<dev-libs/libgcrypt-1.5.3
Thank you for cleaning up gnupg!
Cleanup's apparently been done.
This issue was resolved and addressed in GLSA 201402-24 at http://security.gentoo.org/glsa/glsa-201402-24.xml by GLSA coordinator Chris Reffett (creffett).