libgcrypt11 (1.5.0-3ubuntu0.9) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: ECDSA timing attack
- debian/patches/CVE-2019-13627.patch: add mitigation against timing
attack in cipher/ecc.c, mpi/ec.c.
- CVE-2019-13627
-- <email address hidden> (Leonidas S. Barbosa) Tue, 28 Jan 2020 11:54:33 -0300
-
libgcrypt11 (1.5.0-3ubuntu0.6) precise-security; urgency=medium
* SECURITY UPDATE: random number generator prediction
- debian/patches/CVE-2016-6313-1.patch: improve the diagram showing the
random mixing in random/random-csprng.c.
- debian/patches/CVE-2016-6313-2.patch: hash continuous areas in the
csprng pool in random/random-csprng.c.
- CVE-2016-6313
-- Marc Deslauriers <email address hidden> Wed, 17 Aug 2016 13:41:27 -0400
-
libgcrypt11 (1.5.0-3ubuntu0.5) precise-security; urgency=medium
* SECURITY UPDATE: side-channel attack on ECDH
- debian/patches/CVE-2015-7511.patch: perform input validation in
cipher/ecc.c, src/mpi.h, use constant-time multiplication in
mpi/ec.c.
- CVE-2015-7511
* debian/patches/fix_ec_point_addition.patch: fix addition of EC points
in mpi/ec.c.
-- Marc Deslauriers <email address hidden> Wed, 10 Feb 2016 11:12:46 -0500
-
libgcrypt11 (1.5.0-3ubuntu0.4) precise-security; urgency=medium
* SECURITY UPDATE: side-channel attack on Elgamal
- debian/patches/CVE-2014-3591.patch: use ciphertext blinding in
cipher/elgamal.c.
- CVE-2014-3591
* SECURITY UPDATE: side-channel attack via timing variations in mpi_powm
- debian/patches/CVE-2015-0837.patch: avoid timing variations in
mpi/mpi-pow.c, mpi/mpiutil.c, src/mpi.h.
- CVE-2015-0837
-- Marc Deslauriers <email address hidden> Thu, 26 Mar 2015 08:51:49 -0400
-
libgcrypt11 (1.5.0-3ubuntu0.3) precise-security; urgency=medium
* SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
- debian/patches/add_gcry_divide_by_zero.patch: replace deliberate
division by zero with new _gcry_divide_by_zero().
- debian/patches/CVE-2014-5270.patch: use sliding window method for
exponentiation algorithm in mpi/mpi-pow.c.
- CVE-2014-5270
-- Marc Deslauriers <email address hidden> Tue, 19 Aug 2014 09:09:17 -0400
-
libgcrypt11 (1.5.0-3ubuntu0.2) precise-security; urgency=low
* SECURITY UPDATE: The path of execution in an exponentiation function may
depend upon secret key data, allowing a local attacker to determine the
contents of the secret key through a side-channel attack.
- debian/patches/CVE-2013-4242.diff: always perform the mpi_mul for
exponents in secure memory. Based on upstream patch.
- CVE-2013-4242
-- Seth Arnold <email address hidden> Tue, 30 Jul 2013 17:31:37 -0700
-
libgcrypt11 (1.5.0-3ubuntu0.1) precise-proposed; urgency=low
* Do not call global_init when setting thread callbacks (LP: #423252)
-- Adam Stokes <email address hidden> Wed, 16 May 2012 13:35:06 -0400
-
libgcrypt11 (1.5.0-3) unstable; urgency=low
* Upload to unstable.
* Drop 20_workaroundarmgcc.diff (1.4.6/unstable). It seems to be unnecessary
with 1.5.0.
* libgcrypt11 Breaks gnupg2|gpgsm (<< 2.0.17-2ubuntu2) and libgnutls26 (<<
2.12.7-3). See https://bugs.launchpad.net/bugs/815190 and
https://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00001.html

libgcrypt11 (1.5.0-2) experimental; urgency=low
* Add a symbols file (Based on binary shipped in squeeze.) Closes: #550077
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 17 Oct 2011 11:05:38 +0000
-
libgcrypt11 (1.5.0-1) experimental; urgency=low
* Merge multi-arch changes (1.4.6-6 and 1.4.6-7), drop libtool la file.
* Drop CFLAGS += -Wall again, it has become unnecessary.
* New upstream version.
* Bump shlibs

libgcrypt11 (1.5.0~beta1-1) experimental; urgency=low
* Development release.
* Drop 13_ftbfs_gold.diff. (applied upstream)
* Bump shlibs.
* Run ./configure with --enable-static option, it is disabled by default
now.
* Set CFLAGS += -Wall, the latest combination of cdbs + dpkg-dev does not
seem to set it by default.

libgcrypt11 (1.4.6-7) unstable; urgency=low
* Do not use multiarch path in udeb. (Thanks, Colin Watson)

libgcrypt11 (1.4.6-6) unstable; urgency=low
* Stop shipping libtool la file. This should take care of LP: #751142
* Convert to multi-arch.
+ configure with --libdir=/lib/$(DEB_HOST_MULTIARCH), update
*.install accordingly.
+ Bump cdbs Build-Depends to 0.4.93 (required for expanding
$(DEB_HOST_MULTIARCH)).
+ Bump debhelper b-d to 8.1.3 (for ${misc:Pre-Depends}).
+ runtime library is Multi-Arch: same and has Pre-Depends:
${misc:Pre-Depends}.
+ This is based on 1.4.6-5ubuntu1, however some differences remain. -dbg
package is not Multi-Arch: same (Due to usr/lib/debug/usr/bin/*). We
ship the so-symlink in /lib/$(DEB_HOST_MULTIARCH) instead of
/usr/lib/$(DEB_HOST_MULTIARCH).
-- Rico Tzschichholz <email address hidden> Mon, 11 Jul 2011 11:22:32 +0000