Change log for libgcrypt20 package in Ubuntu

150 of 77 results
Published in plucky-release
Published in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
libgcrypt20 (1.11.0-6ubuntu1) oracular; urgency=medium

  * Pull upstream patch to fix FTBFS on s390x during build-time tests:
    + lp2083245-disable-sha3-s390x-acceleration-for-cshake.patch
    (LP: #2083245)

 -- Adrien Nader <email address hidden>  Mon, 30 Sep 2024 16:16:24 +0200
Superseded in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
libgcrypt20 (1.11.0-6) unstable; urgency=medium

  * 30_mpi-ec-inline-reduce-register-pressure-on-32-bit-ARM.patchn from
    upstream GIT master: Fix FTBFS on arm with gcc-14. Closes: #1077326

 -- Andreas Metzler <email address hidden>  Wed, 07 Aug 2024 18:42:37 +0200
Superseded in oracular-proposed
libgcrypt20 (1.11.0-5) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 28 Jul 2024 13:05:45 +0200

Available diffs

Superseded in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
libgcrypt20 (1.11.0-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Tue, 09 Jul 2024 16:29:33 +0200

Available diffs

Superseded in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
libgcrypt20 (1.10.3-3) unstable; urgency=medium

  * 30_m4-Include-_AM_PATH_GPGRT_CONFIG-definition.patch from upstream GIT
    master: Update libgcrypt.m4 to let AM_PATH_LIBGCRYPT continue to work
    without preceding AM_PATH_GPG_ERROR() when libgcrypt-config is removed.

 -- Andreas Metzler <email address hidden>  Tue, 14 May 2024 18:11:46 +0200
Superseded in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
libgcrypt20 (1.10.3-2build1) noble; urgency=high

  * No change rebuild for 64-bit time_t and frame pointers.

 -- Julian Andres Klode <email address hidden>  Mon, 08 Apr 2024 18:03:56 +0200
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
libgcrypt20 (1.10.3-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Fri, 01 Dec 2023 11:47:14 +0100
Published in jammy-proposed
libgcrypt20 (1.9.4-3ubuntu3.1) jammy; urgency=medium

  * sha3: fix sha3 output for inputs > 4 GiB LP: #2044852
    - d/p/0007-keccak-Use-size_t-to-avoid-integer-overflow.patch

 -- Tobias Heider <email address hidden>  Mon, 27 Nov 2023 22:12:24 +0100
Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
libgcrypt20 (1.10.2-3ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/disable_fips_enabled_read.patch
      Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode.
      libgcrypt is not a FIPS certified library.
  * Dropped changes, not needed:
    - d/p/12_lessdeps_libgcrypt-config.diff: refresh patch offsets
  * For Ubuntu, this fixes an FTBFS by following Debian 1.10.2-3 in
    dropping the use of --insert-timestamp (LP: #2036527).

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
libgcrypt20 (1.10.2-2ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/p/disable_fips_enabled_read.patch
      Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode.
      libgcrypt is not a FIPS certified library.
    - d/p/12_lessdeps_libgcrypt-config.diff: refresh patch offsets

 -- Adrien Nader <email address hidden>  Mon, 10 Jul 2023 15:41:13 +0200
Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
libgcrypt20 (1.10.1-3ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable (LP: #2003529). Remaining changes:
    - d/p/disable_fips_enabled_read.patch
      Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode.
      libgcrypt is not a FIPS certified library.

Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
libgcrypt20 (1.10.1-2ubuntu1) kinetic; urgency=low

  * Merge from Debian unstable. (LP: #1974277) Remaining changes:
    - d/p/disable_fips_enabled_read.patch
      Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode.
      libgcrypt is not a FIPS certified library.
  * Removed d/p/0001-Always-include-config.h-in-cipher-assembly-codes.patch
    since it's already included in the new version.
  * Removed d/p/0001-poly1305-fix-building-with-arm-linux-gnueabihf-gcc-1.patch
    since it's already included in the new version.
  * Refreshed d/p/12_lessdeps_libgcrypt-config.diff
    and d/p/disable_fips_enabled_read.patch due to offsets.

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
libgcrypt20 (1.9.4-3ubuntu3) jammy; urgency=high

  * No change rebuild for ppc64el baseline bump.

 -- Julian Andres Klode <email address hidden>  Thu, 24 Mar 2022 13:12:17 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
libgcrypt20 (1.9.4-3ubuntu2) jammy; urgency=medium

  * Cherry-pick upstream patch to fix FTBFS on armhf.

Superseded in jammy-proposed
libgcrypt20 (1.9.4-3ubuntu1) jammy; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)
  * Drop CVE and CET patches, applied in Debian or upstreamed.
  * Cherry-pick one more patch from master to correctly enable assembly
    CET.

Available diffs

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
libgcrypt20 (1.8.7-5ubuntu2) impish; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

 -- Marc Deslauriers <email address hidden>  Thu, 16 Sep 2021 07:36:50 -0400

Available diffs

Published in focal-updates
Published in focal-security
libgcrypt20 (1.8.5-5ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

 -- Marc Deslauriers <email address hidden>  Tue, 14 Sep 2021 14:36:24 -0400
Obsolete in hirsute-updates
Obsolete in hirsute-security
libgcrypt20 (1.8.7-2ubuntu2.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

 -- Marc Deslauriers <email address hidden>  Tue, 14 Sep 2021 14:30:44 -0400
Published in bionic-updates
Published in bionic-security
libgcrypt20 (1.8.1-4ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

 -- Marc Deslauriers <email address hidden>  Tue, 14 Sep 2021 14:36:59 -0400
Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
libgcrypt20 (1.8.7-5ubuntu1) impish; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)
    - Enable CET.

Available diffs

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
libgcrypt20 (1.8.7-2ubuntu2) hirsute; urgency=medium

  * No-change rebuild to drop the udeb package.

 -- Matthias Klose <email address hidden>  Mon, 22 Feb 2021 10:34:38 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
libgcrypt20 (1.8.7-2ubuntu1) hirsute; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)
    - Enable CET.

Available diffs

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
libgcrypt20 (1.8.5-5ubuntu2) groovy; urgency=medium

  * Enable CET.

 -- Dimitri John Ledkov <email address hidden>  Fri, 26 Jun 2020 14:12:25 +0100

Available diffs

Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
libgcrypt20 (1.8.5-5ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)

Available diffs

Published in xenial-updates
Published in xenial-security
libgcrypt20 (1.6.5-2ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: ECDSA timing attack
    - debian/patches/CVE-2019-13627.patch: add mitigation against timing
      attack in cipher/ecc-ecdsa.c, mpi/ec.c.
    - CVE-2019-13627

 -- Marc Deslauriers <email address hidden>  Mon, 13 Jan 2020 13:39:58 -0500
Superseded in bionic-updates
Superseded in bionic-security
libgcrypt20 (1.8.1-4ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: ECDSA timing attack
    - debian/patches/CVE-2019-13627-1.patch: add mitigation against timing
      attack in cipher/ecc-ecdsa.c, mpi/ec.c.
    - debian/patches/CVE-2019-13627-2.patch: fix use of nonce, use larger
      one in cipher/dsa-common.c, cipher/dsa.c, cipher/ecc-ecdsa.c,
      cipher/ecc-gost.c, cipher/pubkey-internal.h.
    - CVE-2019-13627

 -- Marc Deslauriers <email address hidden>  Thu, 28 Nov 2019 13:53:53 -0500
Obsolete in disco-updates
Obsolete in disco-security
libgcrypt20 (1.8.4-3ubuntu1.1) disco-security; urgency=medium

  * SECURITY UPDATE: ECDSA timing attack
    - debian/patches/CVE-2019-13627-1.patch: add mitigation against timing
      attack in cipher/ecc-ecdsa.c, mpi/ec.c.
    - debian/patches/CVE-2019-13627-2.patch: fix use of nonce, use larger
      one in cipher/dsa-common.c, cipher/dsa.c, cipher/ecc-ecdsa.c,
      cipher/ecc-gost.c, cipher/pubkey-internal.h.
    - CVE-2019-13627

 -- Marc Deslauriers <email address hidden>  Thu, 28 Nov 2019 13:53:23 -0500
Obsolete in eoan-updates
Obsolete in eoan-security
libgcrypt20 (1.8.4-5ubuntu2.1) eoan-security; urgency=medium

  * SECURITY UPDATE: ECDSA timing attack
    - debian/patches/CVE-2019-13627-1.patch: add mitigation against timing
      attack in cipher/ecc-ecdsa.c, mpi/ec.c.
    - debian/patches/CVE-2019-13627-2.patch: fix use of nonce, use larger
      one in cipher/dsa-common.c, cipher/dsa.c, cipher/ecc-ecdsa.c,
      cipher/ecc-gost.c, cipher/pubkey-internal.h.
    - CVE-2019-13627

 -- Marc Deslauriers <email address hidden>  Thu, 28 Nov 2019 13:50:59 -0500
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
libgcrypt20 (1.8.5-3ubuntu1) focal; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)
  * Dropped changes, included in Debian:
    - Build-depend on texlive-plain-generic instead of obsolete texlive-
      generic-recommended.

Available diffs

Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to Release)
libgcrypt20 (1.8.4-5ubuntu2) eoan; urgency=medium

  * Build-depend on texlive-plain-generic instead of obsolete texlive-
    generic-recommended.

 -- Steve Langasek <email address hidden>  Tue, 01 Oct 2019 14:13:42 -0700

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
libgcrypt20 (1.8.4-5ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)
  * Fix spelling-error-in-patch-description "Decription" -> "Description"

Available diffs

Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
libgcrypt20 (1.8.4-3ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)

Available diffs

Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
libgcrypt20 (1.8.3-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)

Available diffs

Obsolete in artful-updates
Obsolete in artful-security
libgcrypt20 (1.7.8-2ubuntu1.1) artful-security; urgency=medium

  * SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in
      cipher/ecc-ecdsa.c.
    - CVE-2018-0495

 -- Marc Deslauriers <email address hidden>  Mon, 18 Jun 2018 09:29:48 -0400
Superseded in bionic-updates
Superseded in bionic-security
libgcrypt20 (1.8.1-4ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in
      cipher/ecc-ecdsa.c.
    - CVE-2018-0495

 -- Marc Deslauriers <email address hidden>  Mon, 18 Jun 2018 09:28:30 -0400
Superseded in xenial-updates
Superseded in xenial-security
libgcrypt20 (1.6.5-2ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: memory-cache side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: add blinding for ECDSA in
      cipher/ecc-ecdsa.c.
    - CVE-2018-0495

 -- Marc Deslauriers <email address hidden>  Mon, 18 Jun 2018 09:30:10 -0400
Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
libgcrypt20 (1.8.2-2ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)

Available diffs

Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
libgcrypt20 (1.6.5-2ubuntu0.4) xenial; urgency=medium

  * Disable the library reading /proc/sys/crypto/fips_enabled file
    and going into FIPS mode. This fixes a hang on boot when using a
    FIPS-enabled kernel with encrypted installations (LP: #1748310)
    - debian/patches/disable_fips_enabled_read.patch

 -- Vineetha Pai <email address hidden>  Fri, 16 Feb 2018 13:31:19 -0500
Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
libgcrypt20 (1.8.1-4ubuntu1) bionic; urgency=medium

  * Disable the library reading /proc/sys/crypto/fips_enabled file
    and going into FIPS mode. libgcrypt is not a FIPS certified library.
    (LP: #1748310)
    - debian/patches/disable_fips_enabled_read.patch

 -- Vineetha Pai <email address hidden>  Fri, 16 Feb 2018 13:45:04 -0500
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
libgcrypt20 (1.8.1-4) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Wed, 15 Nov 2017 18:52:21 +0100

Available diffs

Superseded in bionic-proposed
libgcrypt20 (1.7.9-2) unstable; urgency=medium

  * Sync debian/copyright with upstream's LICENSES file, adding the OCB
    license 1. Closes: #879984
  * [lintian] Drop trailing whitespace in control and changelog.
  * [lintian] Sync priorities with override file (extra -> optional).
  * [lintian] Fix typo in copyright file.

 -- Andreas Metzler <email address hidden>  Sat, 04 Nov 2017 16:37:16 +0100

Available diffs

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
libgcrypt20 (1.7.8-2ubuntu1) artful; urgency=medium

  * SECURITY UPDATE: Curve25519 side-channel attack
    - debian/patches/CVE-2017-0379.patch: add input validation for X25519
      to cipher/ecc.c, mpi/ec.c, src/mpi.h.
    - CVE-2017-0379

 -- Marc Deslauriers <email address hidden>  Thu, 14 Sep 2017 07:14:32 -0400
Obsolete in zesty-updates
Obsolete in zesty-security
libgcrypt20 (1.7.6-1ubuntu0.2) zesty-security; urgency=medium

  * SECURITY UPDATE: Curve25519 side-channel attack
    - debian/patches/CVE-2017-0379.patch: add input validation for X25519
      to cipher/ecc.c, mpi/ec.c, src/mpi.h.
    - CVE-2017-0379

 -- Marc Deslauriers <email address hidden>  Thu, 14 Sep 2017 07:12:13 -0400
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
libgcrypt20 (1.7.9-1) unstable; urgency=high

  * New upstream version, mitigates a local side-channel attack on Curve25519
    dubbed "May the Fourth be With You".  [CVE-2017-0379] Closes: #873383
    + Drop 30_mpi-Fix-mpi_set_secure.patch

 -- Andreas Metzler <email address hidden>  Sun, 27 Aug 2017 11:56:17 +0200
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
libgcrypt20 (1.7.8-2) unstable; urgency=medium

  * 30_mpi-Fix-mpi_set_secure.patch from upstream LIBGCRYPT-1-7-BRANCH: Fix
    memory allocation in mpi_set_secure. Closes: #866964
  * Drop override_dh_strip from debian/rules.

 -- Andreas Metzler <email address hidden>  Thu, 06 Jul 2017 18:16:23 +0200

Available diffs

Obsolete in yakkety-updates
Obsolete in yakkety-security
libgcrypt20 (1.7.2-2ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526
  * SECURITY UPDATE: EdDSA key recovery via side-channel attack
    - debian/patches/CVE-2017-9526-1.patch: store EdDSA session key in
      secure memory in cipher/ecc-eddsa.c.
    - debian/patches/CVE-2017-9526-2.patch: fix SEGV and stat calculation
      src/secmem.c.
    - CVE-2017-9526

 -- Marc Deslauriers <email address hidden>  Mon, 03 Jul 2017 08:15:20 -0400
Superseded in xenial-updates
Superseded in xenial-security
libgcrypt20 (1.6.5-2ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526
  * SECURITY UPDATE: EdDSA key recovery via side-channel attack
    - debian/patches/CVE-2017-9526-1.patch: store EdDSA session key in
      secure memory in cipher/ecc-eddsa.c.
    - debian/patches/CVE-2017-9526-2.patch: fix SEGV and stat calculation
      src/secmem.c.
    - CVE-2017-9526

 -- Marc Deslauriers <email address hidden>  Mon, 03 Jul 2017 08:16:37 -0400
Superseded in zesty-updates
Superseded in zesty-security
libgcrypt20 (1.7.6-1ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: full RSA key recovery via side-channel attack
    - debian/patches/CVE-2017-7526-1.patch: simplify loop in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-2.patch: use same computation for square
      and multiply in mpi/mpi-pow.c.
    - debian/patches/CVE-2017-7526-3.patch: add exponent blinding in
      cipher/rsa.c.
    - debian/patches/CVE-2017-7526-4.patch: add free to cipher/rsa.c.
    - debian/patches/CVE-2017-7526-5.patch: add free to cipher/rsa.c.
    - CVE-2017-7526
  * SECURITY UPDATE: EdDSA key recovery via side-channel attack
    - debian/patches/CVE-2017-9526-1.patch: store EdDSA session key in
      secure memory in cipher/ecc-eddsa.c.
    - debian/patches/CVE-2017-9526-2.patch: fix SEGV and stat calculation
      src/secmem.c.
    - CVE-2017-9526

 -- Marc Deslauriers <email address hidden>  Mon, 03 Jul 2017 08:00:00 -0400
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
libgcrypt20 (1.7.8-1) unstable; urgency=high

  * Fix 25_norevisionfromgit.diff to let ./configure generate a version-string
    without -beta suffix. LP: #1700157
  * New upstream version.
    + Mitigate a flush+reload side-channel attack on RSA secret keys dubbed
      "Sliding right into disaster".  For details see
      <https://eprint.iacr.org/2017/627>.  [CVE-2017-7526]

 -- Andreas Metzler <email address hidden>  Thu, 29 Jun 2017 18:27:03 +0200

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
libgcrypt20 (1.7.7-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 18 Jun 2017 11:28:58 +0200

Available diffs

150 of 77 results