Hi, Sebastian Ramacher <sramacher@debian.org> (2021-06-05): > On 2021-06-03 13:23:02 +0200, Andreas Metzler wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian.org@packages.debian.org > > Usertags: unblock > > X-Debbugs-Cc: libgcrypt20@packages.debian.org > > > > Please unblock package libgcrypt20. > > > > Compared to 1.8.7-3 this pulls a 4 commits from 1.8.8, including > > 30_10-cipher-Fix-ElGamal-encryption-for-other-implementati.patch > > (CVE-2021-33560) which fixes weak ElGamal encryption with keys *not* > > generated by libgcrypt/gnupg. It does not warrant a DSA (already > > doublechecked with debian-security) but should still be fixed. I will > > also prepare an upload for buster. > > ACK. Cyril, could you please (N)ACK for d-i? I considered it yesterday but given the (now fixed) regression, I thought it might make sense to have age a bit in unstable. Please wait until src:debian-installer is built on all architectures (the upload should happen today). Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature