[Buildroot] [PATCH 2/5] package/libgcrypt: security bump to version 1.9.3
Peter Korsgaard
peter at korsgaard.com
Tue Jul 13 21:39:18 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2021-33560: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3
> mishandles ElGamal encryption because it lacks exponent blinding to
> address a side-channel attack against mpi_powm, and the window size is
> not chosen appropriately. (There is also an interoperability problem
> because the selection of the k integer value does not properly consider
> the differences between basic ElGamal encryption and generalized ElGamal
> encryption.) This, for example, affects use of ElGamal in OpenPGP.
> https://dev.gnupg.org/T5305
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2021.02.x and 2021.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list