Re: [SECURITY] [DLA 1931-1] libgcrypt20 security update
Hi Chris,
On Tue, Sep 24, 2019 at 04:40:52PM +0100, Chris Lamb wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Package : libgcrypt20
> Version : 1.6.3-2+deb8u6
> CVE ID : CVE-2019-13627
> Debian Bug : #938938
>
> It was discovered that there was an ECDSA timing attack in the
> libgcrypt20 cryptographic library.
>
> For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version
> 1.6.3-2+deb8u6.
>
> We recommend that you upgrade your libgcrypt20 packages.
Just a heads-up in case not seen yet: For all (but the amd64 upload)
it looks like there were FTBFS:
https://buildd.debian.org/status/package.php?p=libgcrypt20&suite=jessie-security
Regards,
Salvatore