trusty-backports

Bug #1435397
Comment #0

Comment 0 for bug 1435397

Revision history for this message

hgre (hendrik-grewe) wrote on 2015-03-23:

Binary package hint: sks

Since sks servers running versions < 1.15 will not be included within sks.keyserver pool

attached is the changelog between 1.1.4 to 1.1.5 from https://bitbucket.org/skskeyserver/sks-keyserver/src/40280f59d0f503da1326972757168aa42335573f/CHANGELOG?at=default

Maybe it is also kind of security related due to CVE-2014-3207

Thanx in advance

1.1.5
  - Fixes for machine-readable indices. Key expiration times are now read
    from self-signatures on the key's UIDs. In addition, instead of 8-digit
    key IDs, index entries now return the most specific key ID possible:
    16-digit key ID for V3 keys, and the full fingerprint for V4 keys.
  - Add metadata information (number of keys, number of files,
    checksums, etc) to key dump. This allows for information on the
    key dump ahead of download/import, and direct verification of checksums
    using md5sum -c <metadata-file>.
  - Replaced occurrances of the deprecated operator 'or' with '||' (BB issue #2)
  - Upgraded to cryptlib-1.7 and own changes are now packaged as separate
    patches that is installed during 'make'. Added the SHA-3 algorithm, Keccak
  - Option max_matches was setting max_internal_matches. Fixed (BB issue #4)
  - op=hget now supports option=mr for completeness (BB issue #17)
  - Add CORS header to web server responses. Allows JavaScript code to
    interact with keyservers, for example the OpenPGP.js project.
  - Change the default hkp_address and recon_address to making the
    default configuration support IPv6. (Requires OCaml 3.11.0 or newer)
  - Only use '-warn-error A' if the source is marked as development as per
    the version suffix (+) (part of BB Issue #2)
  - Reduce logging verbosity for debug level lower than 6 for (i) bad requests,
    and (ii) no results found (removal of HTTP headers in log) (BB Issue #13)
  - Add additional OIDs for ECC RFC6637 style implementations
    (brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches.
  - Fix a non-persistent cross-site scripting possibility resulting from
    improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)

Binary package hint: sks

Since sks servers running versions < 1.15 will not be included within sks.keyserver pool

attached is the changelog between 1.1.4 to 1.1.5 from https://bitbucket.org/skskeyserver/sks-keyserver/src/40280f59d0f503da1326972757168aa42335573f/CHANGELOG?at=default

Maybe it is also kind of security related due to  CVE-2014-3207

Thanx in advance

1.1.5
  - Fixes for machine-readable indices. Key expiration times are now read
    from self-signatures on the key's UIDs. In addition, instead of 8-digit
    key IDs, index entries now return the most specific key ID possible:
    16-digit key ID for V3 keys, and the full fingerprint for V4 keys.
  - Add metadata information (number of keys, number of files, 
    checksums, etc) to key dump. This allows for information on the
    key dump ahead of download/import, and direct verification of checksums
    using md5sum -c <metadata-file>.  
  - Replaced occurrances of the deprecated operator 'or' with '||' (BB issue #2)
  - Upgraded to cryptlib-1.7 and own changes are now packaged as separate 
    patches that is installed during 'make'. Added the SHA-3 algorithm, Keccak
  - Option max_matches was setting max_internal_matches. Fixed (BB issue #4)
  - op=hget now supports option=mr for completeness (BB issue #17)
  - Add CORS header to web server responses. Allows JavaScript code to
    interact with keyservers, for example the OpenPGP.js project.
  - Change the default hkp_address and recon_address to making the 
    default configuration support IPv6. (Requires OCaml 3.11.0 or newer)
  - Only use '-warn-error A' if the source is marked as development as per
    the version suffix (+) (part of BB Issue #2)
  - Reduce logging verbosity for debug level lower than 6 for (i) bad requests, 
    and (ii) no results found (removal of HTTP headers in log) (BB Issue #13)
  - Add additional OIDs for ECC RFC6637 style implementations
    (brainpool and secp256k1) (BB Issue #25) and fix issue for 32 bit arches.
  - Fix a non-persistent cross-site scripting possibility resulting from 
    improper input sanitation before writing to client. (BB Issue #26 | CVE-2014-3207)