[ubuntu/vivid-proposed] libgcrypt20 1.6.2-4ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Mar 26 21:44:56 UTC 2015


libgcrypt20 (1.6.2-4ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: sidechannel attack on Elgamal
    - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
      cipher/elgamal.c.
    - CVE-2014-3591
  * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
    - debian/patches/CVE-2015-0837.patch: avoid timing variations in
      mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
    - CVE-2015-0837

Date: Thu, 26 Mar 2015 07:17:50 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.2-4ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 26 Mar 2015 07:17:50 -0400
Source: libgcrypt20
Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20-dbg libgcrypt20 libgcrypt20-udeb libgcrypt11-dev
Architecture: source
Version: 1.6.2-4ubuntu2
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libgcrypt11-dev - transitional libgcrypt11-dev package
 libgcrypt20 - LGPL Crypto library - runtime library
 libgcrypt20-dbg - LGPL Crypto library - debugger files
 libgcrypt20-dev - LGPL Crypto library - development files
 libgcrypt20-doc - LGPL Crypto library - documentation
 libgcrypt20-udeb - LGPL Crypto library - runtime library (udeb)
Changes:
 libgcrypt20 (1.6.2-4ubuntu2) vivid; urgency=medium
 .
   * SECURITY UPDATE: sidechannel attack on Elgamal
     - debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
       cipher/elgamal.c.
     - CVE-2014-3591
   * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
     - debian/patches/CVE-2015-0837.patch: avoid timing variations in
       mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
     - CVE-2015-0837
Checksums-Sha1:
 30a2dca31d200be8d764164d2b43f0337fbfd9aa 2678 libgcrypt20_1.6.2-4ubuntu2.dsc
 aa8872a74f6c4cb490d30e8ffbeb4b6133623ca4 27084 libgcrypt20_1.6.2-4ubuntu2.debian.tar.xz
Checksums-Sha256:
 ad1805649de03bca97d623047deb238eb3a2c71329c9c29d27b97948d4e3928c 2678 libgcrypt20_1.6.2-4ubuntu2.dsc
 8e804677e0125a554e99b5d0186e3354171a8ebcb82f61f49353406764560e1b 27084 libgcrypt20_1.6.2-4ubuntu2.debian.tar.xz
Files:
 49b7bcc5e43b2a742899e0bfbbd0e480 2678 libs optional libgcrypt20_1.6.2-4ubuntu2.dsc
 70ff8c46ad8ce488b8f713435b26f3c8 27084 libs optional libgcrypt20_1.6.2-4ubuntu2.debian.tar.xz
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>


More information about the Vivid-changes mailing list