Opened 4 years ago
Closed 4 years ago
#15450 closed enhancement (fixed)
libgcrypt-1.9.4
| Reported by: | Bruce Dubbs | Owned by: | pierre |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version.
Change History (5)
comment:1 by , 4 years ago
| Priority: | normal → elevated |
|---|
comment:3 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 4 years ago
Noteworthy changes in version 1.9.4 (2021-08-22) [C23/A3/R4] ------------------------------------------------ * Bug fixes: - Fix Elgamal encryption for other implementations. [#5328,CVE-2021-33560] - Fix alignment problem on macOS. [#5440] - Check the input length of the point in ECDH. [#5423] - Fix an abort in gcry_pk_get_param for "Curve25519". [#5490] * Other features: - Add GCM and CCM to OID mapping table for AES. [a83fb13a3b]
comment:5 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at commit a541e08052de257f233a34bae776d373a5a30012
Note:
See TracTickets
for help on using tickets.
This appears to be a security release (just pointing out the CVE, left out the rest of the fixes):
Fix Elgamal encryption for other implementations. [T5328,CVE-2021-33560]
Looks like it's rated 7.5 HIGH, and the issue has been public since March. There is a paper written on it, and it can be found here: https://eprint.iacr.org/2021/923.pdf - it was originally introduced in the year 2000.