Debian
libgcrypt20 package

Change logs for libgcrypt20 source package in Stretch

  1. Stretch (9.0)
  2. Change log 
  • libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * ecc: Add blinding for ECDSA (CVE-2018-0495)

 -- Salvatore Bonaccorso <email address hidden>  Fri, 15 Jun 2018 11:58:05 +0200
  • libgcrypt20 (1.7.6-2+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * ecc: Add input validation for X25519 [CVE-2017-0379]
    Mitigate a local side-channel attack on Curve25519 dubbed "May the
    Fourth be With You". (Closes: #873383)

 -- Salvatore Bonaccorso <email address hidden>  Sun, 27 Aug 2017 11:58:04 +0200
  • libgcrypt20 (1.7.6-2+deb9u1) stretch-security; urgency=high

  * 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
    flush+reload side-channel attack on RSA secret keys dubbed "Sliding right
    into disaster". For details see <https://eprint.iacr.org/2017/627>.
    [CVE-2017-7526]

 -- Andreas Metzler <email address hidden>  Sat, 01 Jul 2017 11:01:58 +0200
  • libgcrypt20 (1.7.6-2) unstable; urgency=high

  * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped.
  * Pull two fixes from gcrypt 1.7.7 bugfix release:
    + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
      Fix possible timing attack on EdDSA session key.
    + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
      Fix long standing bug in secure memory implementation which could lead
      to a segv on free.

 -- Andreas Metzler <email address hidden>  Sat, 03 Jun 2017 10:58:36 +0200
  • libgcrypt20 (1.7.6-1) unstable; urgency=medium

  * New upstream version, includes
    30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch.

 -- Andreas Metzler <email address hidden>  Thu, 26 Jan 2017 11:58:32 +0100
  • libgcrypt20 (1.7.5-3) unstable; urgency=medium

  * 30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch from
    upstream GIT master: Fix SSE3 assembly on Nehalem.

 -- Andreas Metzler <email address hidden>  Sat, 14 Jan 2017 11:06:04 +0100
  • libgcrypt20 (1.7.5-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 17 Dec 2016 08:38:47 +0100
  • libgcrypt20 (1.7.3-2) unstable; urgency=medium

  [ Helmut Grohne / Andreas Metzler ]
  * Turn libgcrypt11-dev into an Arch:any package. Closes: #840205

 -- Andreas Metzler <email address hidden>  Sun, 09 Oct 2016 18:00:59 +0200
  • libgcrypt20 (1.7.3-1) unstable; urgency=high

  * New upstream version.
    Fix critical security bug in the RNG [CVE-2016-6313].  An
    attacker who obtains 580 bytes from the standard RNG can
    trivially predict the next 20 bytes of output.

 -- Andreas Metzler <email address hidden>  Thu, 18 Aug 2016 07:47:10 +0200
  • libgcrypt20 (1.7.2-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 17 Jul 2016 15:32:09 +0200
  • libgcrypt20 (1.7.1-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 18 Jun 2016 07:24:03 +0200
  • libgcrypt20 (1.7.0-2) unstable; urgency=low

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 17 Apr 2016 13:16:30 +0200
  • libgcrypt20 (1.6.5-2) unstable; urgency=medium

  * serial-tests was added in automake 1.12, add versioned b-d.
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Wed, 10 Feb 2016 12:01:58 +0100
  • libgcrypt20 (1.6.4-5) unstable; urgency=medium

  * Move Vcs-* from git/http to https.
  * Add 30_support_source_date_epoch.diff: Support setting BUILD_TIMESTAMP
    using SOURCE_DATE_EPOCH through the SOURCE_DATE_EPOCH environment
    variable. (Thanks, Jérémy Bobbio!). Use/b-d on dh-autoreconf instead of
    autotools-dev. Closes: #812428

 -- Andreas Metzler <email address hidden>  Sun, 24 Jan 2016 16:00:41 +0100
  • libgcrypt20 (1.6.4-4) unstable; urgency=medium

  * Delete build-aux/texinfo.tex and let texinfo use the system copy instead
    to prevent breakage in pdf generation in UTF-8 locale. Closes: #803081
  * Migrate from libgcrypt20-dbg to ddebs. dh_strip's --ddeb-migration
    option was added to debhelper/unstable with version 9.20150628, bump
    build-dependency accordingly.

 -- Andreas Metzler <email address hidden>  Fri, 25 Dec 2015 14:06:18 +0100
  • libgcrypt20 (1.6.4-3) unstable; urgency=medium

  * Upload to unstable.
  * Ship pdf instead of postscript docs.

 -- Andreas Metzler <email address hidden>  Sun, 18 Oct 2015 13:37:58 +0200
  • libgcrypt20 (1.6.3-2) unstable; urgency=medium


  * Upload to unstable.
  * Fix Vcs-Browser link.

 -- Andreas Metzler <email address hidden>  Sun, 01 Mar 2015 13:46:59 +0100