[Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526
bernhard at intevation.de
Wed Jul 5 16:13:02 CEST 2017
Am Dienstag 04 Juli 2017 18:30:28 schrieb Werner Koch:
> On Tue, 4 Jul 2017 12:05, johanw at vulcan.xs4all.nl said:
> > Is 1.4 vulnerable to this attack as well? I know it ows not use
> > libgcrypt but I'm not sure about the vulnerability.
> Maybe. And probably also to a lot of other local side channel attacks.
In general I think it would be useful to have information available that
shows which versions of GnuPG and libgcrypt are exposed to this or other
weaknesses and what the consequences are.
People now know which that there are versions
with this vulnerability and without it.
My concept so far:
libgcrypt 1.8 -beta since commit
Thu, 29 Jun 2017 04:11:37 +0200 (11:11 +0900)
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users