Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys (CVE-2014-5270). In addition, this update hardens GnuPG's behaviour when treating keyserver responses; GnuPG now filters keyserver responses to only accepts those keyid's actually requested by the user. For the stable distribution (wheezy), this problem has been fixed in version 1.4.12-7+deb7u6. For the testing (jessie) and unstable distribution (sid), this problem has been fixed in version 1.4.18-4. We recommend that you upgrade your gnupg packages.
Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys (CVE-2014-5270).
In addition, this update hardens GnuPG's behaviour when treating keyserver responses; GnuPG now filters keyserver responses to only accepts those keyid's actually requested by the user.
For the stable distribution (wheezy), this problem has been fixed in version 1.4.12-7+deb7u6.
For the testing (jessie) and unstable distribution (sid), this problem has been fixed in version 1.4.18-4.
We recommend that you upgrade your gnupg packages.