Opened 4 months ago

Closed 3 months ago

#15450 closed enhancement (fixed)

libgcrypt-1.9.4

Reported by: Bruce Dubbs Owned by: pierre
Priority: elevated Milestone: 11.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Douglas R. Reno, 4 months ago

Priority: normalelevated

This appears to be a security release (just pointing out the CVE, left out the rest of the fixes):

Fix Elgamal encryption for other implementations. [T5328,CVE-2021-33560]

Looks like it's rated 7.5 HIGH, and the issue has been public since March. There is a paper written on it, and it can be found here: https://eprint.iacr.org/2021/923.pdf - it was originally introduced in the year 2000.

comment:2 by Douglas R. Reno, 3 months ago

Milestone: 11.111.0

Promote back to 11.0.

comment:3 by pierre, 3 months ago

Owner: changed from blfs-book to pierre
Status: newassigned

comment:4 by pierre, 3 months ago

Noteworthy changes in version 1.9.4 (2021-08-22)  [C23/A3/R4]
------------------------------------------------

 * Bug fixes:

   - Fix Elgamal encryption for other implementations. [#5328,CVE-2021-33560]
   - Fix alignment problem on macOS.  [#5440]
   - Check the input length of the point in ECDH.  [#5423]
   - Fix an abort in gcry_pk_get_param for "Curve25519".  [#5490]

 * Other features:
   - Add GCM and CCM to OID mapping table for AES. [a83fb13a3b]

comment:5 by pierre, 3 months ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.