CVE-2015-0837

NameCVE-2015-0837
Descriptiondata-dependent timing variations in modular exponentiation
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-175-1, DLA-190-1, DSA-3184-1, DSA-3185-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnupg (PTS)jessie (security), jessie1.4.18-7+deb8u5fixed
libgcrypt20 (PTS)jessie1.6.3-2+deb8u4fixed
jessie (security)1.6.3-2+deb8u5fixed
stretch (security), stretch1.7.6-2+deb9u3fixed
buster, sid1.8.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnupgsource(unstable)1.4.18-7
gnupgsourcesqueeze1.4.10-4+squeeze7DLA-175-1
gnupgsourcewheezy1.4.12-7+deb7u7DSA-3184-1
libgcrypt11source(unstable)(unfixed)
libgcrypt11sourcesqueeze1.4.5-2+squeeze3DLA-190-1
libgcrypt11sourcewheezy1.5.0-5+deb7u3DSA-3185-1
libgcrypt20source(unstable)1.6.3-2

Notes

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6cbc75e71295f23431c4ab95edc7573f2fc28476

Search for package or bug name: Reporting problems