CVE-2019-12904 and the next libgcrypt release.

Haswarey, Asif asif.haswarey at intel.com
Fri Jun 21 22:08:08 CEST 2019


Hi!

LIBGCRYPT developers and users are aware of the libgcrypt vulnerability CVE-2019-12904:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904

libgcrypt master branch has 2 commits that address this vulnerability:

https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762

Since these commits are in the master branch, and the latest libgcrypt release
is 1.8.4 (diverged branch), the 2 commits do not apply without conflicts onto
the libgcrypt-1.8.4 branch HEAD with no conflicts.

Would anyone know:

1) What the next release (with the CVE-2019-12904 fixes) is going to be (1.8.5 / 1.9) ?
2) When the next release (with the CVE-2019-12904 fixes) will be announced?

Thanks for any feedback on this issue!
_
Asif



More information about the Gcrypt-devel mailing list