Bug#780121: unblock: libgcrypt20/1.6.3-2
Andreas Metzler
ametzler at bebt.de
Mon Mar 9 14:22:14 UTC 2015
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
Hello,
Please unblock package libgcrypt20. This is bugfix only stable
release, taking care of two side-channel vulnerabilities (CVE-2015-0837
and CVE-2014-3591):
Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3]
------------------------------------------------
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
* Improved asm support for older toolchains.
Find attached the filtered debdiff (| filterdiff -x '*/build-aux/*' -x
'*/Makefile.in' -x '*/configure' -x '*/gcrypt.info*' -x
'*/aclocal.m4') versus testing.
thanks, cu Andreas
unblock libgcrypt20/1.6.3-2
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gcrypt-filtered.diff.gz
Type: application/gzip
Size: 19824 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20150309/8fa356b4/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20150309/8fa356b4/attachment-0001.sig>
More information about the Pkg-gnutls-maint
mailing list