[SECURITY] [DLA 1931-1] libgcrypt20 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1931-1] libgcrypt20 security update
From: "Chris Lamb" <lamby@debian.org>
Date: Tue, 24 Sep 2019 16:40:52 +0100
Message-id: <[🔎] 10a0be49-7635-4f7f-9267-837b6db37b14@www.fastmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libgcrypt20
Version        : 1.6.3-2+deb8u6
CVE ID         : CVE-2019-13627
Debian Bug     : #938938

It was discovered that there was a ECDSA timing attack in the
libgcrypt20 cryptographic library.

For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version
1.6.3-2+deb8u6.

We recommend that you upgrade your libgcrypt20 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl2KOOkACgkQHpU+J9Qx
HlhH0Q//TZp2z8s88tMQLVnMT2+/FaLr7zFnha6J1/NT8bydC0NiVom8u1FEdVJY
bkPXuJ0FAWohsWkvlTO+EY+8nJTwQxTdxT0WY9QGlUsx8eG84Q+oD72LZHjgM7Cm
/wWCxKr2ohwz2ec6Qf0q7++yDSPBHAcQd1vmgr/DkhgYpbtLjBxIty0LuKjTIM/w
0A+JXltrrXUJ5lEdRmCY3aU3fAaP+HpRuS7mNg9cHN9i7Mkb5j7EkopxHhY0kUdP
YkdEXTxm/0Ci9iPnA3yqoIdoTaldzK9MK/QRPJZN/GXVlm1QGtMQ743bAAp7jWSS
8MqAtgWCRWiApNW3Rw+OBHIzXLdum5ydngb6c1alABFOCJ/reTT8kv042PI4ellB
zxzWHoQQhz4a2Ylha2J6WRoK3dEWi5B9dejajil6dq+z0euiy3oXVmDBSEbOlXas
K/jAa6TjEm+/86gVFzUpqJGol4fPwpXsrqi46hwd3teAn8bMYRs6c9h0QgI4bj24
RqFN0V8UixzmmLQRIgOcH4+S1BYcrLqzdoarY6qRthGeb8paGqimYMAI42/6RerB
IPPuMqwsND1ysSMjM/r5sTN+6DOGMsuxF7hMmpPjADvPbTdym5iH5CiM6usWWiqS
qsNOQhWySJIhsQXLwe32PLbcG+1ElgwwH4NawYQwDRs5xnRvJfM=
=YET7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1928-1] php5 security update
Next by Date: [SECURITY] [DLA 1930-1] linux security update
Previous by thread: [SECURITY] [DLA 1928-1] php5 security update
Next by thread: [SECURITY] [DLA 1930-1] linux security update
Index(es):
- Date
- Thread