-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 11 Feb 2014 01:04:20 CET Source: parcimonie Binary: parcimonie Architecture: source all Version: 0.7.1-1+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: intrigeri <intrigeri@debian.org> Changed-By: intrigeri <intrigeri@debian.org> Description: parcimonie - privacy-friendly helper to refresh a GnuPG keyring Closes: 738004 738134 Changes: parcimonie (0.7.1-1+deb7u1) wheezy-security; urgency=high . * Cherry-pick two upstream patches: - Sleep a random amount of time if the computed random sleep time is too low (CVE-2014-1921, Closes: #738134). - Clarify lapse time with large number of keys (Closes: #738004). Thanks Holger Levsen <holger@layer-acht.org> for the bug reports! Checksums-Sha256: 591f775cd0bb743607237c9d986f719cd4438dcf24e1021a8fa6e340326f1781 2752 parcimonie_0.7.1-1+deb7u1.dsc c86f9ebf17248ee3415eccef89a898c13930e63929a4b9dc1ce3f35b54004ee2 6321 parcimonie_0.7.1-1+deb7u1.debian.tar.gz 83c2f9c3f27120f141e15075730e4274dc4378a2f093e61a0349dc5c007aa2fe 41906 parcimonie_0.7.1-1+deb7u1_all.deb 1672056cfaa8d20f6baa2787e6fe300349758648303d5ab8ca6c53369332c0e1 54775 parcimonie_0.7.1.orig.tar.gz Checksums-Sha1: c3029aabad61de0d678c37b93b1273c3732b479c 2752 parcimonie_0.7.1-1+deb7u1.dsc 6530df822664e54591f5ed4c757aa41da22f9d1f 6321 parcimonie_0.7.1-1+deb7u1.debian.tar.gz 9259ed5c571c8129717208da4848e68257c39a9c 41906 parcimonie_0.7.1-1+deb7u1_all.deb e9b10f41561fa936d2ac73ebbcde1df5a50e4239 54775 parcimonie_0.7.1.orig.tar.gz Files: 951946c4b9d8c53edca40ecb2f293da2 2752 perl optional parcimonie_0.7.1-1+deb7u1.dsc f1fee27a82bc0296c0ca1edaf174cc51 6321 perl optional parcimonie_0.7.1-1+deb7u1.debian.tar.gz 19622fb9be62b1a5f012a89c2cc38b03 41906 perl optional parcimonie_0.7.1-1+deb7u1_all.deb 1dc6b119440c6bebc31205cf54820634 54775 perl optional parcimonie_0.7.1.orig.tar.gz -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJS+WmdAAoJELrOFdKldJj/kD0QAMx8Y4c+ObV2iIjd57C5F+QB fpmpExvA78cHmA5ZIHJyeJnHMplMp79G7jRJm0ugZcYfOcUAatSHeX7s8UMMAgHg 3NJlGNsVhVvQzK3A5Fkn/dDjyplJQsLIi7JEnFoBqB6hT+z4jYFBvZ3c43uIDost Kn/eV7WYfFTmiRJ/Wfy0Zk7lb5o3Sd5hdUBFuKl4LRanmNM3OmyGW0EKJI4bnjIk 2vmBR7Jg2vkxfzKVVFAUR2PJ9XyKlF63h6iaDrCaWIFMijBqgeh3CLL0chvRt3MN jTRUS2FCBAXvJ/EROf5yHloa4ZZlF4vLKT9bIQRVl8hhwbir8PzX1f/+JpLboQRu gWurEzG2qdK/udd6nt2ebn9ENSJjRu/2aDGZ/YsHmQwesmUV17gVW9nWqNmYhHsp tePvTP2dWTYEPKWRKDESxR6MvWVqg/PalY4GmIWBcRCFDgVytli/hGlr6Rh0zN9n fPrhI24lbBjdfX3YIVYu4/JqO4u2hWnCfxPzIYTVEby8otJ01CRG9KPLIWzHSkVa GXFg/wwdrOpB4w2o4paI8YyQ6Feslts2krwZBuApdaIOb8O4z8KxlI7AeGpMVqn8 loxYrbOfuQ2U+J39Zcs5inzlAg+A3mXcC2m/nolIbMvJ9WqHjA3iU6DfxMyA6OLP KkJxKK+6vPTDPaDI9OpX =Hytj -----END PGP SIGNATURE-----