aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnupg/gnupg_1.4.7.bb
diff options
context:
space:
mode:
authorKai Kang <kai.kang@windriver.com>2014-10-15 15:16:31 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-10-18 16:12:56 +0200
commitd1e0f3e71ce9978ff0fc94d71e67b528dad84c5c (patch)
tree00a18f11b0cd62b1b0671356422ac6e0c7b56ed3 /meta/recipes-support/gnupg/gnupg_1.4.7.bb
parentb145374c0a498de0160a9b81f50ce0066ab14862 (diff)
downloadopenembedded-core-contrib-d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c.tar.gz
openembedded-core-contrib-d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c.tar.bz2
openembedded-core-contrib-d1e0f3e71ce9978ff0fc94d71e67b528dad84c5c.zip
gnupg: CVE-2013-4242
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Patch from commit e2202ff2b704623efc6277fb5256e4e15bac5676 in git://git.gnupg.org/libgcrypt.git Signed-off-by: Yong Zhang <yong.zhang@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com>
Diffstat (limited to 'meta/recipes-support/gnupg/gnupg_1.4.7.bb')
-rw-r--r--meta/recipes-support/gnupg/gnupg_1.4.7.bb1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/gnupg/gnupg_1.4.7.bb b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
index ddcc2c24fe5..7be56fd7b59 100644
--- a/meta/recipes-support/gnupg/gnupg_1.4.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_1.4.7.bb
@@ -17,6 +17,7 @@ SRC_URI = "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-${PV}.tar.bz2 \
file://curl_typeof_fix_backport.patch \
file://CVE-2013-4351.patch \
file://CVE-2013-4576.patch \
+ file://CVE-2013-4242.patch \
"
SRC_URI[md5sum] = "b06a141cca5cd1a55bbdd25ab833303c"