Change logs for libgcrypt20 source package in Stretch

  • libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * ecc: Add blinding for ECDSA (CVE-2018-0495)
    
     -- Salvatore Bonaccorso <email address hidden>  Fri, 15 Jun 2018 11:58:05 +0200
  • libgcrypt20 (1.7.6-2+deb9u2) stretch-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * ecc: Add input validation for X25519 [CVE-2017-0379]
        Mitigate a local side-channel attack on Curve25519 dubbed "May the
        Fourth be With You". (Closes: #873383)
    
     -- Salvatore Bonaccorso <email address hidden>  Sun, 27 Aug 2017 11:58:04 +0200
  • libgcrypt20 (1.7.6-2+deb9u1) stretch-security; urgency=high
    
      * 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
        flush+reload side-channel attack on RSA secret keys dubbed "Sliding right
        into disaster". For details see <https://eprint.iacr.org/2017/627>.
        [CVE-2017-7526]
    
     -- Andreas Metzler <email address hidden>  Sat, 01 Jul 2017 11:01:58 +0200
  • libgcrypt20 (1.7.6-2) unstable; urgency=high
    
      * Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped.
      * Pull two fixes from gcrypt 1.7.7 bugfix release:
        + 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
          Fix possible timing attack on EdDSA session key.
        + 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
          Fix long standing bug in secure memory implementation which could lead
          to a segv on free.
    
     -- Andreas Metzler <email address hidden>  Sat, 03 Jun 2017 10:58:36 +0200
  • libgcrypt20 (1.7.6-1) unstable; urgency=medium
    
      * New upstream version, includes
        30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch.
    
     -- Andreas Metzler <email address hidden>  Thu, 26 Jan 2017 11:58:32 +0100
  • libgcrypt20 (1.7.5-3) unstable; urgency=medium
    
      * 30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch from
        upstream GIT master: Fix SSE3 assembly on Nehalem.
    
     -- Andreas Metzler <email address hidden>  Sat, 14 Jan 2017 11:06:04 +0100
  • libgcrypt20 (1.7.5-2) unstable; urgency=medium
    
      * Upload to unstable.
    
     -- Andreas Metzler <email address hidden>  Sat, 17 Dec 2016 08:38:47 +0100
  • libgcrypt20 (1.7.3-2) unstable; urgency=medium
    
      [ Helmut Grohne / Andreas Metzler ]
      * Turn libgcrypt11-dev into an Arch:any package. Closes: #840205
    
     -- Andreas Metzler <email address hidden>  Sun, 09 Oct 2016 18:00:59 +0200
  • libgcrypt20 (1.7.3-1) unstable; urgency=high
    
      * New upstream version.
        Fix critical security bug in the RNG [CVE-2016-6313].  An
        attacker who obtains 580 bytes from the standard RNG can
        trivially predict the next 20 bytes of output.
    
     -- Andreas Metzler <email address hidden>  Thu, 18 Aug 2016 07:47:10 +0200
  • libgcrypt20 (1.7.2-2) unstable; urgency=low
    
      * Upload to unstable.
    
     -- Andreas Metzler <email address hidden>  Sun, 17 Jul 2016 15:32:09 +0200
  • libgcrypt20 (1.7.1-2) unstable; urgency=medium
    
      * Upload to unstable.
    
     -- Andreas Metzler <email address hidden>  Sat, 18 Jun 2016 07:24:03 +0200
  • libgcrypt20 (1.7.0-2) unstable; urgency=low
    
      * Upload to unstable.
    
     -- Andreas Metzler <email address hidden>  Sun, 17 Apr 2016 13:16:30 +0200
  • libgcrypt20 (1.6.5-2) unstable; urgency=medium
    
      * serial-tests was added in automake 1.12, add versioned b-d.
      * Upload to unstable.
    
     -- Andreas Metzler <email address hidden>  Wed, 10 Feb 2016 12:01:58 +0100
  • libgcrypt20 (1.6.4-5) unstable; urgency=medium
    
      * Move Vcs-* from git/http to https.
      * Add 30_support_source_date_epoch.diff: Support setting BUILD_TIMESTAMP
        using SOURCE_DATE_EPOCH through the SOURCE_DATE_EPOCH environment
        variable. (Thanks, Jérémy Bobbio!). Use/b-d on dh-autoreconf instead of
        autotools-dev. Closes: #812428
    
     -- Andreas Metzler <email address hidden>  Sun, 24 Jan 2016 16:00:41 +0100
  • libgcrypt20 (1.6.4-4) unstable; urgency=medium
    
      * Delete build-aux/texinfo.tex and let texinfo use the system copy instead
        to prevent breakage in pdf generation in UTF-8 locale. Closes: #803081
      * Migrate from libgcrypt20-dbg to ddebs. dh_strip's --ddeb-migration
        option was added to debhelper/unstable with version 9.20150628, bump
        build-dependency accordingly.
    
     -- Andreas Metzler <email address hidden>  Fri, 25 Dec 2015 14:06:18 +0100
  • libgcrypt20 (1.6.4-3) unstable; urgency=medium
    
      * Upload to unstable.
      * Ship pdf instead of postscript docs.
    
     -- Andreas Metzler <email address hidden>  Sun, 18 Oct 2015 13:37:58 +0200
  • libgcrypt20 (1.6.3-2) unstable; urgency=medium
    
    
      * Upload to unstable.
      * Fix Vcs-Browser link.
    
     -- Andreas Metzler <email address hidden>  Sun, 01 Mar 2015 13:46:59 +0100