--- Begin Message ---
|
Subject: |
[PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE] |
|
Date: |
Sat, 30 Jan 2021 04:20:50 +0000 |
Hi Guix! Please review ASAP. This update fixes an exploitable heap overflow.
## Info
https://dev.gnupg.org/T5275
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html
Ryan Prior (1):
gnu: libgcrypt: Update to 1.9.1.
gnu/packages/gnupg.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--
2.30.0
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: bug#46183: [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE] |
|
Date: |
Mon, 01 Feb 2021 12:50:49 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Hi,
Guillaume Le Vaillant <glv@posteo.net> skribis:
> According to the news at https://gnupg.org:
>
> Libgcrypt 1.9.1 released (2021-01-29) important
>
> Unfortunately we introduced a severe bug in Libgcrypt 1.9.0 released 10 days
> ago.
> If you already started to use version 1.9.0 please update immediately to
> 1.9.1.
>
> Currently the master and staging branch are using libgcrypt 1.8.5 and
> core-updates is using 1.8.7. These versions don't have the critical bug
> as it was introduced in version 1.9.0. So I think updating libgcrypt on
> master is not an emergency, we just have to remember to never use
> version 1.9.0.
Indeed. So closing this bug. That said, we can update libgcrypt in
‘core-updates’.
Ludo’.
--- End Message ---