diff options
author | Kai Kang <kai.kang@windriver.com> | 2014-10-15 15:16:31 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-10-18 16:14:04 +0200 |
commit | 7a9f5c9120d9330fae5f432630de120be11c28d9 (patch) | |
tree | f66ec063b4791aba7700e70b4f6f059fae68fbae /meta/recipes-support/gnupg/gnupg_1.4.7.bb | |
parent | 754288c387b058843d0885fc7e02b4a34e2b3aab (diff) | |
download | openembedded-core-contrib-7a9f5c9120d9330fae5f432630de120be11c28d9.tar.gz |
gnupg: CVE-2013-4242
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x
and possibly other products, allows local users to obtain private RSA
keys via a cache side-channel attack involving the L3 cache, aka
Flush+Reload.
Patch from commit e2202ff2b704623efc6277fb5256e4e15bac5676 in
git://git.gnupg.org/libgcrypt.git
(From OE-Core rev: d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c)
Signed-off-by: Yong Zhang <yong.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/gnupg/gnupg_1.4.7.bb')
-rw-r--r-- | meta/recipes-support/gnupg/gnupg_1.4.7.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb index ddcc2c24fe..7be56fd7b5 100644 --- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb +++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb @@ -17,6 +17,7 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \ file://curl_typeof_fix_backport.patch \ file://CVE-2013-4351.patch \ file://CVE-2013-4576.patch \ + file://CVE-2013-4242.patch \ " SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c" |