GNU bug report logs - #46183
[PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE]

Previous Next

Package: guix-patches;

Reported by: Ryan Prior <rprior <at> protonmail.com>

Date: Sat, 30 Jan 2021 04:22:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: lordyuuma <at> gmail.com
To: Ryan Prior <rprior <at> protonmail.com>, 46183 <at> debbugs.gnu.org
Subject: [bug#46183] [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE]
Date: Sat, 30 Jan 2021 08:56:08 +0100

Hi Ryan,

Am Samstag, den 30.01.2021, 04:20 +0000 schrieb Ryan Prior:
> Hi Guix! Please review ASAP. This update fixes an exploitable heap
> overflow.
> 
> https://dev.gnupg.org/T5275
> 
> https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html

I have some good news and some bad news.  The good news is, that
according to your sources this affects only version 1.9.0, so master is
currently safe.  The bad news is, that libgcrypt has more than 10000
dependants, so an update for it should go to core-updates.

Regards,
Leo

This bug report was last modified 4 years and 106 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #46183 [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE]

GNU bug report logs - #46183
[PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE]