Re: [SECURITY] [DLA 1931-1] libgcrypt20 security update

To: debian-lts@lists.debian.org
Subject: Re: [SECURITY] [DLA 1931-1] libgcrypt20 security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 24 Sep 2019 22:45:24 +0200
Message-id: <[🔎] 20190924204524.GA15761@eldamar.local>
Mail-followup-to: debian-lts@lists.debian.org
In-reply-to: <10a0be49-7635-4f7f-9267-837b6db37b14@www.fastmail.com>
References: <10a0be49-7635-4f7f-9267-837b6db37b14@www.fastmail.com>

Hi Chris,

On Tue, Sep 24, 2019 at 04:40:52PM +0100, Chris Lamb wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Package        : libgcrypt20
> Version        : 1.6.3-2+deb8u6
> CVE ID         : CVE-2019-13627
> Debian Bug     : #938938
> 
> It was discovered that there was a ECDSA timing attack in the
> libgcrypt20 cryptographic library.
> 
> For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version
> 1.6.3-2+deb8u6.
> 
> We recommend that you upgrade your libgcrypt20 packages.

Just a heads-up in case not seen yet: For all (but the amd64 upload)
it looks there were FTBFS:

https://buildd.debian.org/status/package.php?p=libgcrypt20&suite=jessie-security

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: [SECURITY] [DLA 1931-1] libgcrypt20 security update
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: ruby-nokogiri / CVE-2019-5477
Next by Date: ruby-mini-magick
Previous by thread: ruby-nokogiri / CVE-2019-5477
Next by thread: Re: [SECURITY] [DLA 1931-1] libgcrypt20 security update
Index(es):
- Date
- Thread