[ubuntu/xenial-proposed] libgcrypt20 1.6.4-5ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Feb 10 16:29:14 UTC 2016
libgcrypt20 (1.6.4-5ubuntu1) xenial; urgency=medium
* SECURITY UPDATE: side-channel attack on ECDH
- debian/patches/CVE-2015-7511.patch: perform input validation and fix
error paths in cipher/ecc.c, use constant-time multiplication in
mpi/ec.c.
- CVE-2015-7511
Date: Wed, 10 Feb 2016 10:54:55 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.4-5ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 10 Feb 2016 10:54:55 -0500
Source: libgcrypt20
Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20 libgcrypt20-udeb libgcrypt11-dev
Architecture: source
Version: 1.6.4-5ubuntu1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libgcrypt11-dev - transitional libgcrypt11-dev package
libgcrypt20 - LGPL Crypto library - runtime library
libgcrypt20-dev - LGPL Crypto library - development files
libgcrypt20-doc - LGPL Crypto library - documentation
libgcrypt20-udeb - LGPL Crypto library - runtime library (udeb)
Changes:
libgcrypt20 (1.6.4-5ubuntu1) xenial; urgency=medium
.
* SECURITY UPDATE: side-channel attack on ECDH
- debian/patches/CVE-2015-7511.patch: perform input validation and fix
error paths in cipher/ecc.c, use constant-time multiplication in
mpi/ec.c.
- CVE-2015-7511
Checksums-Sha1:
624e9402e6c6014078c83053b43efb8899dc1bd6 2609 libgcrypt20_1.6.4-5ubuntu1.dsc
d968e41c08d299243cd97c971680ef376bc73b17 31084 libgcrypt20_1.6.4-5ubuntu1.debian.tar.xz
Checksums-Sha256:
5f8a663964368b139a24ae922194273ea95c810e2209efcbc886d0f8375a04aa 2609 libgcrypt20_1.6.4-5ubuntu1.dsc
799223868abb565c7222ddcf3fc2f1e01e0c5816c9d8acd6c764293c47cd6a39 31084 libgcrypt20_1.6.4-5ubuntu1.debian.tar.xz
Files:
4896b6a817582b9ce4ce73c3d1f8e93e 2609 libs optional libgcrypt20_1.6.4-5ubuntu1.dsc
4b4826a3256cb38094cbd52050c4c6b7 31084 libs optional libgcrypt20_1.6.4-5ubuntu1.debian.tar.xz
Original-Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWu2UaAAoJEGVp2FWnRL6TPAwP/0t5F7mY+BAWUuOw6iEm47DF
BhLqFcpiQ9YnnYyt2SBxw95zMhffa2Y8xy8YD1FjAVcPDbjOzGpuuoT8FsubfDKF
N3i6/6sJFUa7KmilYhwUtDW3UHIZbgVB2VGTAmkYoQRVDdnCJRl9ohzJEfbbRAdJ
46gWimrqT4p7KVp59rVoz7eipCiUizaa805R2j3SdXQfiHHMlm9ECclYf2HDuaEV
W1ycUSLJx9Awnhq6pX6xAJUFbduBtQnL3EQIEkY+rcD7IJ4IKkji6KT1edgfgYK3
4FGKrtVZKoXq7zV8umK7gxOyYHZ9UuviA5i0ruVB7lUwouz1husWS84gVwVcOAei
ty491vcomV/bYkaPxz8dZOW1I0ePa/WjEXVlLLUhpJoDalKAuuspwefKa7zSG/pN
8eACbxSNrB70ZQLl4JtDmA76K9MNgSJGLSkEIrbzvo1G095GRw7Zisixq+08Tq59
UQ1aQ5xCsikuMalESKGgDey9oS14yiA/RqkslRxLFtuKGCOjQZw92BgiatJyZrKS
ri+qICNE/eErFKu5sRX2YlwPux6BAU6x06O2F9dZq/WFcfAX0wmEmAYLW2Gyu3Kz
QQaXeDyXCwTEUa4kVWQizxrlnNH1UFdgJKHYUj20BmcdO03BCMeZvgVUxZlqkBtF
+PuuoywbK5+L94HEP7Ma
=4U/P
-----END PGP SIGNATURE-----
More information about the Xenial-changes
mailing list