Exploitable overflow in Libgcrypt 1.9.0
Closed, Resolved | Public


There is a severe bug in Libgcrypt 1.9.0 released last week (T4294).
Do not use 1.9.0 but wait for 1.9.1 (T5259).

The bug was introduced with commit rCe76617cbab in March 2019 but no version except for 1.9.0 has ever been released with it. The fix included in 1.9.1 is commit rC512c0c7527.

werner changed the status of subtask T5259: Release Libgcrypt 1.9.1 from Open to Testing.
werner changed the task status from Open to Testing. Fri, Jan 29, 11:27 AM

Fix has been released. Keeping this in testing state for easier visibility of this task.

werner updated the task description. Fri, Jan 29, 12:34 PM
werner changed External Link from https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000455.html to https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html.
jstein added a subscriber: jstein. Sat, Jan 30, 11:08 PM
werner closed this task as Resolved. Wed, Feb 3, 8:07 AM
werner claimed this task.