Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hello, Please unblock package libgcrypt20. This is bugfix only stable release, taking care of two side-channel vulnerabilities (CVE-2015-0837 and CVE-2014-3591): Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3] ------------------------------------------------ * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. * Improved asm support for older toolchains. Find attached the filtered debdiff (| filterdiff -x '*/build-aux/*' -x '*/Makefile.in' -x '*/configure' -x '*/gcrypt.info*' -x '*/aclocal.m4') versus testing. thanks, cu Andreas unblock libgcrypt20/1.6.3-2 -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
gcrypt-filtered.diff.gz
Description: application/gzip
signature.asc
Description: Digital signature