[Bug 1700157] Re: gcrypt.h reports version of libgcrypt20 as 1.7.2-beta
Launchpad Bug Tracker
1700157 at bugs.launchpad.net
Fri Jun 30 12:38:06 UTC 2017
This bug was fixed in the package libgcrypt20 - 1.7.8-1
---------------
libgcrypt20 (1.7.8-1) unstable; urgency=high
* Fix 25_norevisionfromgit.diff to let ./configure generate a version-string
without -beta suffix. LP: #1700157
* New upstream version.
+ Mitigate a flush+reload side-channel attack on RSA secret keys dubbed
"Sliding right into disaster". For details see
<https://eprint.iacr.org/2017/627>. [CVE-2017-7526]
-- Andreas Metzler <ametzler at debian.org> Thu, 29 Jun 2017 18:27:03
+0200
** Changed in: libgcrypt20 (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7526
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libgcrypt20 in Ubuntu.
https://bugs.launchpad.net/bugs/1700157
Title:
gcrypt.h reports version of libgcrypt20 as 1.7.2-beta
Status in libgcrypt20 package in Ubuntu:
Fix Released
Bug description:
The package delivered by yakkety (16.10) advertises libcrypt as being
version 1.7.2. However, the version reported in gcrypt.h (line 65) in
define GCRYPT_VERSION is 1.7.2-beta. I believe this to be an error, or
at the very least the package should be updated to a non-beta version.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libgcrypt20/+bug/1700157/+subscriptions
More information about the foundations-bugs
mailing list