Bug#864083: unblock: libgcrypt20/1.7.6-2

To: Andreas Metzler <ametzler@bebt.de>, 864083@bugs.debian.org
Cc: Cyril Brulebois <kibi@debian.org>
Subject: Bug#864083: unblock: libgcrypt20/1.7.6-2
From: Niels Thykier <niels@thykier.net>
Date: Sun, 04 Jun 2017 08:40:00 +0000
Message-id: <[🔎] 56417022-4afb-5ee0-4122-c55e16fad187@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 864083@bugs.debian.org
In-reply-to: <[🔎] 20170604083044.qxfcagcaguyljqxi@argenau.bebt.de>
References: <[🔎] 20170604083044.qxfcagcaguyljqxi@argenau.bebt.de>

Control: tags -1 confirmed d-i

Andreas Metzler:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package libgcrypt20, the upload features the following
> changes:
> * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped.
> * Pull two fixes from gcrypt 1.7.7 bugfix release:
>   + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
>     Fix possible timing attack on EdDSA session key.
>   + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
>     Fix long standing bug in secure memory implementation which could lead
>     to a segv on free.
> 
> unblock libgcrypt20/1.7.6-2
> 
> Thanks, cu Andreas
> 

Ack from here, CC'ing KiBi for a d-i ack - assuming there is still time.
 Worst case, we will have to defer it to 9.1.

Thanks,
~Niels

Reply to:

Follow-Ups:
- Bug#864083: unblock: libgcrypt20/1.7.6-2
  - From: Cyril Brulebois <kibi@debian.org>

References:
- Bug#864083: unblock: libgcrypt20/1.7.6-2
  - From: Andreas Metzler <ametzler@bebt.de>

Prev by Date: Bug#864083: unblock: libgcrypt20/1.7.6-2
Next by Date: Processed: Re: Bug#864083: unblock: libgcrypt20/1.7.6-2
Previous by thread: Bug#864083: unblock: libgcrypt20/1.7.6-2
Next by thread: Bug#864083: unblock: libgcrypt20/1.7.6-2
Index(es):
- Date
- Thread