CVE-2019-12904 and the next libgcrypt release.

Werner Koch wk at
Tue Jul 2 13:37:05 CEST 2019

On Wed, 26 Jun 2019 18:13, asif.haswarey at said:

> I was wondering if the vulnerability has been determined to be
> legitimate and if we will see a new release with this vulnerability

Not yet and thus don't see a reason for any immediate action.  In fact,
static tables are very common in crypto software and thus many more AES
implementations would be affected.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gcrypt-devel mailing list