[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] Hurd branch, master, updated. v0.8-43-g4fb81a7
|
From: |
Justus Winter |
|
Subject: |
[SCM] Hurd branch, master, updated. v0.8-43-g4fb81a7 |
|
Date: |
Tue, 6 Sep 2016 08:00:13 +0000 (UTC) |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Hurd".
The branch, master has been updated
via 4fb81a7e92d0cd6d854a4a020f34b948ad6ce29b (commit)
from 349b9c4fdcb49add63ec71cabd6e4e4dbe6b262d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4fb81a7e92d0cd6d854a4a020f34b948ad6ce29b
Author: Justus Winter <address@hidden>
Date: Tue Sep 6 09:47:02 2016 +0200
random: Hash continuous areas in the csprng pool.
* random/gnupg-random.c (mix_pool): Store the first hash at the end of
the pool.
--
This fixes a long standing bug (since 1998) in Libgcrypt and GnuPG.
An attacker who obtains 580 bytes of the random number from the
standard RNG can trivially predict the next 20 bytes of output.
The bug was found and reported by Felix Dörre and Vladimir Klebanov,
Karlsruhe Institute of Technology. A paper describing the problem in
detail will shortly be published.
This is a port of c6dbfe89 from the GnuPG classic branch.
CVE-id: CVE-2016-6313
-----------------------------------------------------------------------
Summary of changes:
random/gnupg-random.c | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
hooks/post-receive
--
Hurd
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] Hurd branch, master, updated. v0.8-43-g4fb81a7,
Justus Winter <=