[Announce] [security fix] Libgcrypt and GnuPG

Werner Koch wk at gnupg.org
Mon Aug 11 12:11:33 CEST 2014

On Sat,  9 Aug 2014 11:32, ametzler at bebt.de said:
> libgcrypt 1.5.3 -> 1.5.4 seem to be essentiall 5 git commits. - Is
> the bugfix in a single commit, and if it is which one?

  7235b8d Release 1.5.4.
  e2ba318 mpi: fix gcry_mpi_powm for negative base.
* 62e8e12 mpi: mpi-pow improvement.
  6c3598f Replace deliberate division by zero with _gcry_divide_by_zero.
  2c05a94 mpi: Fix a subtle bug setting spurious bits with in mpi_set_bit.
  6366348 Declare eol.
  450adc3 tests: Add bench-slope.
  182640a w32: Fix installing of .def file.
  497478c Fix bug in _gcry_mpi_tdiv_q_2exp.

The fix is the marked one.  However, the previous fix is also needed to
apply cleanly.  I would also suggest to apply 2c05a94 which might be the
reason for some rare bugs.  Some applications might be affected by
497478c.  e2ba318 is for correctness.  The others are not important.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list