[ubuntu/impish-proposed] libgcrypt20 1.8.7-5ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Sep 16 12:16:14 UTC 2021 

libgcrypt20 (1.8.7-5ubuntu2) impish; urgency=medium

  * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
    - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
      exponent blinding too in cipher/elgamal.c.
    - CVE-2021-33560
  * SECURITY UPDATE: incorrect support of smaller K
    - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
      implementations in cipher/elgamal.c.
    - CVE-2021-40528

Date: Thu, 16 Sep 2021 07:36:50 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libgcrypt20/1.8.7-5ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 16 Sep 2021 07:36:50 -0400
Source: libgcrypt20
Built-For-Profiles: noudeb
Architecture: source
Version: 1.8.7-5ubuntu2
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 libgcrypt20 (1.8.7-5ubuntu2) impish; urgency=medium
 .
   * SECURITY UPDATE: lack of exponent blinding in ElGamal encryption
     - debian/patches/CVE-2021-33560.patch: harden ElGamal by introducing
       exponent blinding too in cipher/elgamal.c.
     - CVE-2021-33560
   * SECURITY UPDATE: incorrect support of smaller K
     - debian/patches/CVE-2021-40528.patch: fix ElGamal encryption for other
       implementations in cipher/elgamal.c.
     - CVE-2021-40528
Checksums-Sha1:
 7771578d6ac4f1b12355818903e0fd9a06252fcf 2907 libgcrypt20_1.8.7-5ubuntu2.dsc
 a9ea39407fc17ffb02ab698f32284b0d5ec76a2c 41648 libgcrypt20_1.8.7-5ubuntu2.debian.tar.xz
 2a981fc18f2f54af7fe437fb68646fc26c5e41be 6333 libgcrypt20_1.8.7-5ubuntu2_source.buildinfo
Checksums-Sha256:
 ffa2d4e5ac99243b23a086d8d8d04eb487bc5584da1df7f3db0014d22a84e934 2907 libgcrypt20_1.8.7-5ubuntu2.dsc
 9ede8bf3bd2376d829053604cd5440ec97e40797b44270a82404b1f8c8489763 41648 libgcrypt20_1.8.7-5ubuntu2.debian.tar.xz
 f42e2b60952c3adb1140a535e5579036ed1f659447657d9c70721b526bbe7b9f 6333 libgcrypt20_1.8.7-5ubuntu2_source.buildinfo
Files:
 602b78254098a9241f573737ac42d45e 2907 libs optional libgcrypt20_1.8.7-5ubuntu2.dsc
 67c3eff67f2598431a3ddc25c7f7f48b 41648 libs optional libgcrypt20_1.8.7-5ubuntu2.debian.tar.xz
 671862227b0b255696417a658fa1653e 6333 libs optional libgcrypt20_1.8.7-5ubuntu2_source.buildinfo
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>

More information about the impish-changes mailing list