Bug 33473 - secret keyring compromise leading to secret key disclosure
Summary: secret keyring compromise leading to secret key disclosure
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gnupg
Version: 7.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords: Security
: 38508 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-03-27 19:14 UTC by Daniel Roesen
Modified: 2007-04-18 16:32 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2001-05-02 12:41:49 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2001:063 normal SHIPPED_LIVE : Updated gnupg packages available 2001-05-02 04:00:00 UTC

Description Daniel Roesen 2001-03-27 19:14:34 UTC
Issue is sufficiently discussed in several forums such as Bugtraq etc.
Werner Koch released GnuPG 1.0.4f an hour ago which contains fixes against
this attack.

References:
http://www.securityfocus.com/archive/1/170386
http://lists.gnupg.org/pipermail/gnupg-devel/2001-March/005846.html
http://lists.gnupg.org/pipermail/gnupg-devel/2001-March/005849.html

Comment 1 Nalin Dahyabhai 2001-04-03 02:04:31 UTC
Aw, crap.

Comment 2 Daniel Roesen 2001-04-29 20:26:48 UTC
GnuPG 1.0.5 is released

Comment 3 Daniel Roesen 2001-05-02 12:41:44 UTC
*** Bug 38508 has been marked as a duplicate of this bug. ***

Comment 4 Nalin Dahyabhai 2001-05-02 16:29:32 UTC
1.0.5 is being prepped for errata release.


Note You need to log in before you can comment on or make changes to this bug.