CVE-2015-0837

NameCVE-2015-0837
Descriptiondata-dependent timing variations in modular exponentiation
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-175-1, DLA-190-1, DSA-3184-1, DSA-3185-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gnupg (PTS)wheezy1.4.12-7+deb7u7fixed
wheezy (security)1.4.12-7+deb7u9fixed
jessie1.4.18-7+deb8u3fixed
jessie (security)1.4.18-7+deb8u4fixed
libgcrypt11 (PTS)wheezy1.5.0-5+deb7u4fixed
wheezy (security)1.5.0-5+deb7u6fixed
libgcrypt20 (PTS)jessie (security), jessie1.6.3-2+deb8u4fixed
stretch (security), stretch1.7.6-2+deb9u2fixed
buster, sid1.7.9-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gnupgsource(unstable)1.4.18-7
gnupgsourcesqueeze1.4.10-4+squeeze7DLA-175-1
gnupgsourcewheezy1.4.12-7+deb7u7DSA-3184-1
libgcrypt11source(unstable)(unfixed)
libgcrypt11sourcesqueeze1.4.5-2+squeeze3DLA-190-1
libgcrypt11sourcewheezy1.5.0-5+deb7u3DSA-3185-1
libgcrypt20source(unstable)1.6.3-2

Notes

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6cbc75e71295f23431c4ab95edc7573f2fc28476

Search for package or bug name: Reporting problems