[website] r1711 - html/trunk/blfs/advisories

Wed, 10 Feb 2021 12:54:09 -0800 

Author: ken
Date: Wed Feb 10 12:41:52 2021
New Revision: 1711

Log:
Add advisory re libgcrypt-1.9.0

For some reason I managed to convince myself that we did not
include this package in the book when I was first aware of this.

Modified:
   html/trunk/blfs/advisories/10.0.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.0.html
==============================================================================
--- html/trunk/blfs/advisories/10.0.html        Tue Feb  9 10:31:46 2021        
(r1710)
+++ html/trunk/blfs/advisories/10.0.html        Wed Feb 10 12:41:52 2021        
(r1711)
@@ -306,6 +306,12 @@
 
 <!-- end of LibEXIF -->
 
+    <h3>Libgcrypt</h3>
+    <h4>10.0 085 Libgcrypt  Date: 2021-02-10  Severity: High</h4>
+    <p>In Libgcrypt-1.9.0 there is a heap-based buffer overflow. To fix this,
+    update to libgcrypt-1.9.1 or later.
+    <a href=consolidated.html#10.0-085>10.0-085</a></p>
+
     <h3>Libpcap</h3>
 
     <h4>10.0 059 Libpcap  Date: 2021-01-04  Severity: High</h4>

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Tue Feb  9 10:31:46 
2021        (r1710)
+++ html/trunk/blfs/advisories/consolidated.html        Wed Feb 10 12:41:52 
2021        (r1711)
@@ -76,6 +76,14 @@
     replaced or archived). See the gstreamer links re 1.16 for an example of
     linking to a released book (old 10.0) -->
 
+    <h4>10.0 085 Libgcrypt  Date: 2021-02-10  Severity: High</h4>
+    <p>In Libgcrypt-1.9.0 there is a heap-based buffer overflow. See
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-3345";>CVE-2021-3345</a>.</p>
+    <p>To fix this, update to at least Libgcrypt-1.9.1 using the instructions
+    from the development book for
+    <a href="../view/svn/general/libgcrypt.html">Libgcrypt (sysv)</a> or
+    <a href="../view/systemd/general/libgcrypt.html">Libgcrypt 
(systemd)</a>.</p>
+
     <a id="10.0-084">
     <h4>10.0 084 Jasper  Updated: 2021-02-09  Severity: High</h4>
     <p>In Jasper 2.0.24, jp2_decode in jp2/jp2_dec.c in libjasper has a
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to