[Git][security-tracker-team/security-tracker][master] Update references for libgcrypt20 issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 23 08:08:36 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83beb2a1 by Salvatore Bonaccorso at 2026-04-23T09:07:47+02:00
Update references for libgcrypt20 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1017,7 +1017,7 @@ CVE-2026-XXXX [libgcrypt ECDH buffer overwrite with zeroes]
 	- libgcrypt20 1.12.2-1
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/21/1
 	NOTE: https://dev.gnupg.org/T8211
-	NOTE: Fixed in 2d3d732c9bf87cc10729f69678dd9e6862f99fa3
+	NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2d3d732c9bf87cc10729f69678dd9e6862f99fa3 (libgcrypt-1.12.2)
 CVE-2026-XXXX [libgcrypt missing bounds check to the Dilithium context handling]
 	- libgcrypt20 1.12.2-1
 	[trixie] - libgcrypt20 <not-affected> (Vulnerable code not present)
@@ -1025,8 +1025,8 @@ CVE-2026-XXXX [libgcrypt missing bounds check to the Dilithium context handling]
 	[bullseye] - libgcrypt20 <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/21/1
 	NOTE: https://dev.gnupg.org/T8208
-	NOTE: Fixed in 905e00f046a71e5670517779afaf85a354952832
-	NOTE: Introduced in libgcrypt-1.12.0
+	NOTE: Introduced with: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=1b422366e2b3b5438713418b50f8a0a1abf8d365 (libgcrypt-1.12.0)
+	NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=905e00f046a71e5670517779afaf85a354952832 (libgcrypt-1.12.2)
 CVE-2026-6840 (Missing bounds validation for operator could  allow out of range opera ...)
 	NOT-FOR-US: Samsung
 CVE-2026-6839 (Improper validation of STRING tensor offsets could allows malformed st ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83beb2a1a60837e377af3f3d9223d98acff66bd0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83beb2a1a60837e377af3f3d9223d98acff66bd0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260423/6ad6bf80/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list