Re: Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1

To: 989422@bugs.debian.org, Andreas Metzler <ametzler@bebt.de>
Cc: kibi@debian.org, debian-boot@lists.debian.org
Subject: Re: Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 12 Jun 2021 14:59:41 +0100
Message-id: <[🔎] dd26190acf78c8124c46b1f474eb789f1d23bda6.camel@adam-barratt.org.uk>
In-reply-to: <d81055bb9771b819b7cf05c4fd507758dfc06941.camel@adam-barratt.org.uk>
References: <YLi9jJgEmOBAOTKZ@argenau.bebt.de> <YLi9jJgEmOBAOTKZ@argenau.bebt.de> <d81055bb9771b819b7cf05c4fd507758dfc06941.camel@adam-barratt.org.uk>

On Fri, 2021-06-11 at 11:06 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
> 
> On Thu, 2021-06-03 at 13:31 +0200, Andreas Metzler wrote:
> > I would like to fix the non-DSA CVE-2021-33560 for buster by
> > cherrypicking the respective commit from 1.8.8. This is about weak
> > ElGamal encyption when a key not generated by libgcrypt/gnupg is
> > used.
> > 
> > This was fixed in unstable's 1.8.7-6, with bullseye unblock request
> > #989421 sent a couple of minutes ago.
> 
> I'd be OK with this, but as libgcrypt20 produces a udeb it'll also
> need a d-i ack; tagging and CCing appropriately.

As we're getting close to the window for 10.10 closing, please feel
free to upload the package and we'll handle the d-i coordination from
there.

Regards,

Adam

Reply to:

Prev by Date: Bug#989724: debootstrap: `--extra-suites=A,B` not showing up in `/etc/apt/sources.list`
Next by Date: Bug#989806: installation-reports
Previous by thread: Bug#989724: debootstrap: `--extra-suites=A,B` not showing up in `/etc/apt/sources.list`
Next by thread: Bug#989806: installation-reports
Index(es):
- Date
- Thread