Bug 33473

Summary: secret keyring compromise leading to secret key disclosure
Product: [Retired] Red Hat Linux Reporter: Daniel Roesen <dr>
Component: gnupgAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-05-02 12:41:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daniel Roesen 2001-03-27 19:14:34 UTC 
Issue is sufficiently discussed in several forums such as Bugtraq etc.
Werner Koch released GnuPG 1.0.4f an hour ago which contains fixes against
this attack.

References:
http://www.securityfocus.com/archive/1/170386
http://lists.gnupg.org/pipermail/gnupg-devel/2001-March/005846.html
http://lists.gnupg.org/pipermail/gnupg-devel/2001-March/005849.html
Comment 1 Nalin Dahyabhai 2001-04-03 02:04:31 UTC 
Aw, crap.
Comment 2 Daniel Roesen 2001-04-29 20:26:48 UTC 
GnuPG 1.0.5 is released
Comment 3 Daniel Roesen 2001-05-02 12:41:44 UTC 
*** Bug 38508 has been marked as a duplicate of this bug. ***
Comment 4 Nalin Dahyabhai 2001-05-02 16:29:32 UTC 
1.0.5 is being prepped for errata release.