2015-06-04 08:27:51 |
deutrino |
bug |
|
|
added bug |
2015-06-04 08:28:07 |
deutrino |
information type |
Private Security |
Public Security |
|
2015-06-04 08:29:17 |
deutrino |
description |
1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and more recently by others[3].
1024-bit signing keys are insufficient to guarantee the authenticity of software distributed from Launchpad.net. There should be a mechanism to refuse signing keys below a minimum key length based on key type. 1024-bit signing keys should be deprecated and removed from Launchpad.net itself ASAP.
1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114 |
1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and more recently by others[3].
1024-bit signing keys are insufficient to guarantee the authenticity of software distributed from Launchpad.net including PPAs. There should be a mechanism to refuse signing keys below a minimum key length based on key type. 1024-bit signing keys should be deprecated and removed from Launchpad.net itself ASAP. Future projects and PPAs should be disallowed from using 1024-bit signing keys.
1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114 |
|
2015-07-21 19:20:21 |
Micah Lee |
bug |
|
|
added subscriber Micah Lee |
2015-07-21 19:55:25 |
Jelmer Vernooij |
bug |
|
|
added subscriber Jelmer Vernooij |
2015-07-21 20:45:52 |
Daniel Serodio |
bug |
|
|
added subscriber Daniel Serodio |
2015-07-21 21:13:31 |
Seth Arnold |
bug task added |
|
apt (Ubuntu) |
|
2015-07-21 22:17:15 |
Launchpad Janitor |
apt (Ubuntu): status |
New |
Confirmed |
|
2015-07-29 13:02:09 |
William Grant |
bug task deleted |
launchpad |
|
|
2017-05-06 15:11:45 |
Bob Freeman |
tags |
|
encryption needs-update security vulnerability |
|
2017-05-06 15:58:38 |
Bob Freeman |
bug task added |
|
launchpad |
|
2017-05-06 16:07:18 |
Bob Freeman |
bug |
|
|
added subscriber Bob Freeman |
2017-05-07 19:06:43 |
Julian Andres Klode |
apt (Ubuntu): status |
Confirmed |
Invalid |
|
2017-05-07 19:07:01 |
Julian Andres Klode |
bug task added |
|
gnupg2 (Ubuntu) |
|
2017-06-22 02:02:56 |
Launchpad Janitor |
gnupg2 (Ubuntu): status |
New |
Confirmed |
|
2017-11-04 20:08:44 |
Mathew Hodson |
bug |
|
|
added subscriber Mathew Hodson |
2017-11-07 00:14:40 |
Andrei Shevchuk |
bug |
|
|
added subscriber Andrei Shevchuk |
2018-08-24 11:51:04 |
Rowan Wookey |
bug |
|
|
added subscriber Rowan Wookey |
2020-01-17 17:40:57 |
wachirapranee tesprasit |
apt (Ubuntu): status |
Invalid |
Confirmed |
|
2020-01-17 17:42:05 |
wachirapranee tesprasit |
launchpad: status |
New |
Confirmed |
|
2020-01-17 17:42:19 |
wachirapranee tesprasit |
launchpad: assignee |
|
wachirapranee tesprasit (tatar28) |
|
2020-01-17 17:42:25 |
wachirapranee tesprasit |
apt (Ubuntu): assignee |
|
wachirapranee tesprasit (tatar28) |
|
2020-01-17 17:42:31 |
wachirapranee tesprasit |
gnupg2 (Ubuntu): assignee |
|
wachirapranee tesprasit (tatar28) |
|
2020-01-17 17:42:43 |
wachirapranee tesprasit |
launchpad: status |
Confirmed |
Fix Released |
|
2020-01-17 17:42:58 |
wachirapranee tesprasit |
apt (Ubuntu): status |
Confirmed |
Fix Released |
|
2020-01-17 17:43:10 |
wachirapranee tesprasit |
gnupg2 (Ubuntu): status |
Confirmed |
Fix Released |
|
2020-01-17 17:44:23 |
wachirapranee tesprasit |
description |
1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and more recently by others[3].
1024-bit signing keys are insufficient to guarantee the authenticity of software distributed from Launchpad.net including PPAs. There should be a mechanism to refuse signing keys below a minimum key length based on key type. 1024-bit signing keys should be deprecated and removed from Launchpad.net itself ASAP. Future projects and PPAs should be disallowed from using 1024-bit signing keys.
1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114 |
1024-bit RSA was deprecated years ago by NIST [1], Microsoft [2] and, more recently, others [3].
1024-bit signing keys are not sufficient to guarantee the authenticity of software distributed from Launchpad.net, including PPAs. There should be a mechanism to refuse signing keys below a minimum key length according to key type. 1024-bit signing keys should be deprecated and removed from Launchpad.net as soon as possible. Future projects and PPAs should be prohibited from using 1024-bit signing keys.
1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114 |
|
2020-01-17 17:45:12 |
wachirapranee tesprasit |
bug |
|
|
added subscriber wachirapranee tesprasit |
2020-01-17 23:07:54 |
Colin Watson |
description |
1024-bit RSA was deprecated years ago by NIST [1], Microsoft [2] and, more recently, others [3].
1024-bit signing keys are not sufficient to guarantee the authenticity of software distributed from Launchpad.net, including PPAs. There should be a mechanism to refuse signing keys below a minimum key length according to key type. 1024-bit signing keys should be deprecated and removed from Launchpad.net as soon as possible. Future projects and PPAs should be prohibited from using 1024-bit signing keys.
1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114 |
1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and more recently by others[3].
1024-bit signing keys are insufficient to guarantee the authenticity of software distributed from Launchpad.net including PPAs. There should be a mechanism to refuse signing keys below a minimum key length based on key type. 1024-bit signing keys should be deprecated and removed from Launchpad.net itself ASAP. Future projects and PPAs should be disallowed from using 1024-bit signing keys.
1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114 |
|
2020-01-17 23:08:47 |
Colin Watson |
launchpad: assignee |
wachirapranee tesprasit (tatar28) |
|
|
2020-01-17 23:08:49 |
Colin Watson |
apt (Ubuntu): assignee |
wachirapranee tesprasit (tatar28) |
|
|
2020-01-17 23:08:50 |
Colin Watson |
gnupg2 (Ubuntu): assignee |
wachirapranee tesprasit (tatar28) |
|
|
2020-01-17 23:09:00 |
Colin Watson |
launchpad: status |
Fix Released |
New |
|
2020-01-17 23:09:05 |
Colin Watson |
apt (Ubuntu): status |
Fix Released |
Invalid |
|
2020-01-17 23:09:10 |
Colin Watson |
gnupg2 (Ubuntu): status |
Fix Released |
Confirmed |
|
2022-06-28 10:05:29 |
Martin |
bug watch added |
|
https://github.com/oerdnj/deb.sury.org/issues/1429 |
|
2022-06-28 10:45:16 |
Rowan Wookey |
removed subscriber Rowan Wookey |
|
|
|
2022-06-29 02:51:55 |
Mathew Hodson |
removed subscriber Mathew Hodson |
|
|
|
2024-02-26 06:48:47 |
Rico Tzschichholz |
bug |
|
|
added subscriber Rico Tzschichholz |