CVSROOT: /cvs
Module name: ports
Changes by: ajacou...@cvs.openbsd.org 2021/01/29 05:14:13
Modified files:
security/libgcrypt: Makefile distinfo
security/libgcrypt/patches: patch-configure_ac
Removed files:
security/libgcrypt/patches: patch-cipher_kdf_c
Log message:
SECURITY update to libgcrypt-1.9.1.
>From https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html:
There is a heap buffer overflow in libgcrypt due to an incorrect
assumption in the block buffer management code. Just decrypting some
data can overflow a heap buffer with attacker controlled data, no
verification or signature is validated before the vulnerability
occurs.
