Your message dated Fri, 30 Aug 2019 17:06:41 +0000
with message-id <[email protected]>
and subject line Bug#938938: fixed in libgcrypt20 1.8.5-1
has caused the Debian Bug report #938938,
regarding libgcrypt20: CVE-2019-13627
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
938938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=938938
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libgcrypt20
Version: 1.8.4-5
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for libgcrypt20.
CVE-2019-13627[0]:
ECDSA timing attack
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-13627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libgcrypt20
Source-Version: 1.8.5-1
We believe that the bug you reported is fixed in the latest version of
libgcrypt20, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated libgcrypt20 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 30 Aug 2019 18:44:49 +0200
Source: libgcrypt20
Architecture: source
Version: 1.8.5-1
Distribution: experimental
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 938938
Changes:
 libgcrypt20 (1.8.5-1) experimental; urgency=medium
 .
   * Drop --add-udeb=libgcrypt20-udeb to work around debhelper bug #935577.
   * New upstream version.
     + Fixes ECDSA timing attack. CVE-2019-13627 Closes: #938938
     + Drop 30_doc-Fix-library-initialization-examples.patch
     + Ship newly available pkgconfig file in libgcrypt20-dev, moving gpg-error
       from Requires to Requires.private in new
       13_lessdeps_libgcrypt-pkgconfig.diff.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---