Wheezy update of libgcrypt11?
Ola Lundqvist
ola at inguza.com
Thu Aug 18 20:21:20 UTC 2016
Hi Chris, GnuPG maintainers, GnuTLS maintainers and LTS team
I have now prepared an updated libgcrypt11 package.
I have simply taken the two patches from libgcrypt20 and applied them
to libgcrypt11. They applied cleanly with just a little "fuzz".
The debdiff is available here:
http://apt.inguza.net/wheezy-security/libgcrypt11/libgcrypt11.debdiff
And the prepared packages are available here:
http://apt.inguza.net/wheezy-security/libgcrypt11/
I have not tried to reproduce the problem reported as I'm not an
expert in cryptography mathematics. And especially not random
generators. If anyone knows of a tool to reproduce the random
generation problem I'm eager to know.
Regarding regression testing I have installed the built package and
tried a few tools that depend on libgcrypt11. However I'm not sure I
trigger this function in some way. If anyone know of a good way to do
regression testing of libgcrypt11 I'm eager to know that too.
As this is such a critical function (as Chris clearly pointed out) I'd
like as many as possible to have a look at what I have done.
If I do not hear any objections in four days I'll upload the
correction. That is on Monday next week.
Thanks in advance and best regards
// Ola
On Thu, Aug 18, 2016 at 11:26 AM, Chris Lamb <lamby at debian.org> wrote:
> [Adding Ola Lundqvist <ola at inguza.com> to CC]
>
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of libgcrypt11:
>> https://security-tracker.debian.org/tracker/CVE-2016-6313
>
> Ola, I notice that you have claimed this package in data/dla-needed.txt.
>
> As this is an especially sensitive package, it would seem prudent to
> get as many eyes on your debdiffs prior to upload, either from the GnuPG
> maintainers and/or on the debian-lts list.
>
>
> Regards,
>
> --
> ,''`.
> : :' : Chris Lamb
> `. `'` lamby at debian.org / chris-lamb.co.uk
> `-
--
--- Inguza Technology AB --- MSc in Information Technology ----
/ ola at inguza.com Folkebogatan 26 \
| opal at debian.org 654 68 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
More information about the Pkg-gnutls-maint
mailing list