[Buildroot] [PATCH 2/5] package/libgcrypt: security bump to version 1.9.3

Peter Korsgaard peter at korsgaard.com
Tue Jul 13 21:39:18 UTC 2021


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > Fix CVE-2021-33560: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3
 > mishandles ElGamal encryption because it lacks exponent blinding to
 > address a side-channel attack against mpi_powm, and the window size is
 > not chosen appropriately. (There is also an interoperability problem
 > because the selection of the k integer value does not properly consider
 > the differences between basic ElGamal encryption and generalized ElGamal
 > encryption.) This, for example, affects use of ElGamal in OpenPGP.

 > https://dev.gnupg.org/T5305

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2021.02.x and 2021.05.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list