Re: [SECURITY] [DLA 1931-1] libgcrypt20 security update
On Tue, Sep 24, 2019 at 04:40:52PM +0100, Chris Lamb wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> Package : libgcrypt20
> Version : 1.6.3-2+deb8u6
> CVE ID : CVE-2019-13627
> Debian Bug : #938938
> It was discovered that there was a ECDSA timing attack in the
> libgcrypt20 cryptographic library.
> For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version
> We recommend that you upgrade your libgcrypt20 packages.
Just a heads-up in case not seen yet: For all (but the amd64 upload)
it looks there were FTBFS: