Ubuntu
libgcrypt20 package

Change logs for libgcrypt20 source package in Disco

  1. Disco (19.04)
  2. Change log 
  • libgcrypt20 (1.8.4-3ubuntu1.1) disco-security; urgency=medium

  * SECURITY UPDATE: ECDSA timing attack
    - debian/patches/CVE-2019-13627-1.patch: add mitigation against timing
      attack in cipher/ecc-ecdsa.c, mpi/ec.c.
    - debian/patches/CVE-2019-13627-2.patch: fix use of nonce, use larger
      one in cipher/dsa-common.c, cipher/dsa.c, cipher/ecc-ecdsa.c,
      cipher/ecc-gost.c, cipher/pubkey-internal.h.
    - CVE-2019-13627

 -- Marc Deslauriers <email address hidden>  Thu, 28 Nov 2019 13:53:23 -0500
  • libgcrypt20 (1.8.4-3ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)

libgcrypt20 (1.8.4-3) unstable; urgency=medium

  * Fix arch-indep build error by running dh_auto_install for both -arch and
    -indep builds.

libgcrypt20 (1.8.4-2) unstable; urgency=medium

  * Upload to unstable.
  * Use dh_missing.
  * Ship info files from installed tree (debian/tmp/) instead of from doc/.

libgcrypt20 (1.8.4-1) experimental; urgency=medium

  * New upstream bugfix release.
    + Drop 40-*.patch.

libgcrypt20 (1.8.3-2) experimental; urgency=low

  * Update from LIBGCRYPT-1.8-BRANCH:
    + 40-01-Post-release-updates.patch
    + 40-02-random-Fix-hang-of-_gcry_rndjent_get_version.patch
    + 40-03-sexp-Fix-uninitialized-use-of-a-var-in-the-error-cas.patch
    + 40-04-ecc-Fix-potential-unintended-freeing-of-an-internal-.patch
    + 40-06-ecc-Fix-possible-memory-leakage-in-parameter-check-o.patch
    + 40-07-ecc-Fix-memory-leak-in-the-error-case-of-ecc_encrypt.patch
    + 40-08-Fix-memory-leak-in-secmem-in-out-of-core-conditions.patch
    + 40-09-doc-Update-yat2m.c-from-upstream-libgpg-error.patch
    + 40-10-build-Add-release-make-target.patch

 -- Julian Andres Klode <email address hidden>  Mon, 12 Nov 2018 11:24:05 +0100
  • libgcrypt20 (1.8.3-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Disable the library reading /proc/sys/crypto/fips_enabled file
      and going into FIPS mode. libgcrypt is not a FIPS certified library.
      (LP 1748310)

libgcrypt20 (1.8.3-1) unstable; urgency=high

  * [lintian] Fix spelling-error-in-patch-description in
    15_multiarchpath_in_-L.diff.
  * New upstream version.
    + Use blinding for ECDSA signing to mitigate a novel side-channel
      attack.  CVE-2018-0495
  * [lintian] Delete trailing empty lines in changelog.

 -- Julian Andres Klode <email address hidden>  Tue, 10 Jul 2018 14:00:16 +0200