4 matches found
CVE-2014-1921
parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors...
CVE-2014-1921
CVE-2014-1921 affects parcimonie (privacy-friendly keyring refresh) with large keyrings. The issue is a timing-based information leakage: the tool sleeps a fixed interval between key fetches (e.g., ten minutes for large keyrings), enabling an observer to correlate fetches across events. Debian/DS...
[SECURITY] [DSA 2860-1] parcimonie security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2860-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 11, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2860-1] parcimonie security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2860-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 11, 2014 http://www.debian.org/security/faq -...