Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1

To: Andreas Metzler <ametzler@bebt.de>, 989422@bugs.debian.org
Cc: kibi@debian.org, debain-boot@lists.debian.org
Subject: Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 11 Jun 2021 11:06:36 +0100
Message-id: <[🔎] d81055bb9771b819b7cf05c4fd507758dfc06941.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 989422@bugs.debian.org
In-reply-to: <[🔎] YLi9jJgEmOBAOTKZ@argenau.bebt.de>
References: <[🔎] YLi9jJgEmOBAOTKZ@argenau.bebt.de> <[🔎] YLi9jJgEmOBAOTKZ@argenau.bebt.de>

Control: tags -1 + confirmed d-i

On Thu, 2021-06-03 at 13:31 +0200, Andreas Metzler wrote:
> I would like to fix the non-DSA CVE-2021-33560 for buster by
> cherrypicking the respective commit from 1.8.8. This is about weak
> ElGamal encyption when a key not generated by libgcrypt/gnupg is
> used.
> 
> This was fixed in unstable's 1.8.7-6, with bullseye unblock request
> #989421 sent a couple of minutes ago.

I'd be OK with this, but as libgcrypt20 produces a udeb it'll also need
a d-i ack; tagging and CCing appropriately.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1
  - From: Andreas Metzler <ametzler@bebt.de>

Prev by Date: Processed: Re: Bug#988962: buster-pu: package rxvt-unicode/9.22-6+deb10u1
Next by Date: Processed: Re: Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1
Previous by thread: Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1
Next by thread: Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1
Index(es):
- Date
- Thread