[Announce] [security fix] Libgcrypt and GnuPG
Andreas Metzler
ametzler at bebt.de
Sat Aug 9 11:32:10 CEST 2014
Werner Koch <wk at gnupg.org> wrote:
[...]
> While evaluating the "Get Your Hands Off My Laptop" [1] paper I missed
> to describe [2] a software combination which has not been fixed and is
> thus vulnerable to the attack described by the paper. If you are using
[...]
> gpg2 --version
> on the command line; the second line of the output gives the Libgcrypt
> version:
> gpg (GnuPG) 2.0.25
> libgcrypt 1.5.3
> In this example Libgcrypt is vulnerable.
[ and 1.5.4 is not ... ]
Hello,
libgcrypt 1.5.3 -> 1.5.4 seem to be essentiall 5 git commits. - Is
the bugfix in a single commit, and if it is which one?
thanks, cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Gcrypt-devel
mailing list