Re: Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1
On Fri, 2021-06-11 at 11:06 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
> On Thu, 2021-06-03 at 13:31 +0200, Andreas Metzler wrote:
> > I would like to fix the non-DSA CVE-2021-33560 for buster by
> > cherrypicking the respective commit from 1.8.8. This is about weak
> > ElGamal encyption when a key not generated by libgcrypt/gnupg is
> > used.
> > This was fixed in unstable's 1.8.7-6, with bullseye unblock request
> > #989421 sent a couple of minutes ago.
> I'd be OK with this, but as libgcrypt20 produces a udeb it'll also
> need a d-i ack; tagging and CCing appropriately.
As we're getting close to the window for 10.10 closing, please feel
free to upload the package and we'll handle the d-i coordination from