Bug#989422: buster-pu: package libgcrypt20/1.8.4-5+deb10u1
Andreas Metzler
ametzler at bebt.de
Thu Jun 3 12:31:24 BST 2021
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: libgcrypt20 at packages.debian.org,security at debian.org
Hello,
I would like to fix the non-DSA CVE-2021-33560 for buster by
cherrypicking the respective commit from 1.8.8. This is about weak
ElGamal encyption when a key not generated by libgcrypt/gnupg is used.
This was fixed in unstable's 1.8.7-6, with bullseye unblock request
#989421 sent a couple of minutes ago.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debdiff_5to5+deb10u1.diff
Type: text/x-diff
Size: 5087 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20210603/f847499d/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnutls-maint/attachments/20210603/f847499d/attachment.sig>
More information about the Pkg-gnutls-maint
mailing list