Account request + libgcrypt security finding
Bert van der Weerd
opalraava at riseup.net
Sat Apr 11 18:41:40 CEST 2026
Hi list,
I would love to open an issue on dev.gnupg.org, but that requires an account.
This mail is about the first of four high severity issues identified with some (current-gen) AI trickery. There are some 30-something other things flagged as mid to low severity.
As per sign-on page, my requested account details would be: handle: threadpanic, shown name: Bert van der Weerd, address: bert at teamspicy.net
The first patch is the first high severity issue: GCM silent zero-IV fallback — patch and demonstration program made by Claude Code.
I'm happy to discuss on-list; or privately first if preferred.
Thanks for your time,
--Bert
More information about the Gcrypt-devel
mailing list