GNU bug report logs - #46183
[PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE]

Previous Next

Package: guix-patches;

Reported by: Ryan Prior <rprior <at> protonmail.com>

Date: Sat, 30 Jan 2021 04:22:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #25 received at 46183-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Guillaume Le Vaillant <glv <at> posteo.net>
Cc: Tobias Geerinckx-Rice <me <at> tobias.gr>, 46183-done <at> debbugs.gnu.org,
 Ryan Prior <rprior <at> protonmail.com>
Subject: Re: bug#46183: [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE]
Date: Mon, 01 Feb 2021 12:50:49 +0100

Hi,

Guillaume Le Vaillant <glv <at> posteo.net> skribis:

> According to the news at https://gnupg.org:
>
> Libgcrypt 1.9.1 released (2021-01-29)   important
>
> Unfortunately we introduced a severe bug in Libgcrypt 1.9.0 released 10 days ago.
> If you already started to use version 1.9.0 please update immediately to 1.9.1.
>
> Currently the master and staging branch are using libgcrypt 1.8.5 and
> core-updates is using 1.8.7. These versions don't have the critical bug
> as it was introduced in version 1.9.0. So I think updating libgcrypt on
> master is not an emergency, we just have to remember to never use
> version 1.9.0.

Indeed.  So closing this bug.  That said, we can update libgcrypt in
‘core-updates’.

Ludo’.

This bug report was last modified 4 years and 105 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #46183 [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE]

GNU bug report logs - #46183
[PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE]