gnupg

• Author: kikadf
• Vulnerable: 1.4.14-1
• Unaffected: 1.4.14-2arcturus1

Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage flags as being valid for all usages. (CVE-2013-4351) Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP messages. (CVE-2013-4402) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. (CVE-2013-4576)

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576