Bug#780121: unblock: libgcrypt20/1.6.3-2
Control: tag -1 confirmed Niels Thykier ni...@thykier.net (2015-03-14): On 2015-03-09 15:22, Andreas Metzler wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hello, Please unblock package libgcrypt20. This is bugfix only stable release, taking care of two side-channel vulnerabilities (CVE-2015-0837 and CVE-2014-3591): Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3] * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. * Improved asm support for older toolchains. Find attached the filtered debdiff (| filterdiff -x '*/build-aux/*' -x '*/Makefile.in' -x '*/configure' -x '*/gcrypt.info*' -x '*/aclocal.m4') versus testing. thanks, cu Andreas unblock libgcrypt20/1.6.3-2 It is a bit noiser than I liked (especially without your filterdiff), Indeed (and thanks for the said filterdiff)… but ack from RT, CC'ing KiBi for a d-i ack. No objections, thanks. Mraw, KiBi. signature.asc Description: Digital signature
Bug#780121: unblock: libgcrypt20/1.6.3-2
Control: tags -1 d-i On 2015-03-09 15:22, Andreas Metzler wrote: Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hello, Please unblock package libgcrypt20. This is bugfix only stable release, taking care of two side-channel vulnerabilities (CVE-2015-0837 and CVE-2014-3591): Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3] * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. * Improved asm support for older toolchains. Find attached the filtered debdiff (| filterdiff -x '*/build-aux/*' -x '*/Makefile.in' -x '*/configure' -x '*/gcrypt.info*' -x '*/aclocal.m4') versus testing. thanks, cu Andreas unblock libgcrypt20/1.6.3-2 It is a bit noiser than I liked (especially without your filterdiff), but ack from RT, CC'ing KiBi for a d-i ack. Thanks, ~Niels -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#780121: unblock: libgcrypt20/1.6.3-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hello, Please unblock package libgcrypt20. This is bugfix only stable release, taking care of two side-channel vulnerabilities (CVE-2015-0837 and CVE-2014-3591): Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3] * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]. * Improved asm support for older toolchains. Find attached the filtered debdiff (| filterdiff -x '*/build-aux/*' -x '*/Makefile.in' -x '*/configure' -x '*/gcrypt.info*' -x '*/aclocal.m4') versus testing. thanks, cu Andreas unblock libgcrypt20/1.6.3-2 -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' gcrypt-filtered.diff.gz Description: application/gzip signature.asc Description: Digital signature
