CVSROOT: /cvs Module name: ports Changes by: ajacou...@cvs.openbsd.org 2021/01/29 05:14:13
Modified files: security/libgcrypt: Makefile distinfo security/libgcrypt/patches: patch-configure_ac Removed files: security/libgcrypt/patches: patch-cipher_kdf_c Log message: SECURITY update to libgcrypt-1.9.1. >From https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html: There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs.