CVE-2019-13627

NameCVE-2019-13627
DescriptionECDSA timing attack
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs938938

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libgcrypt20 (PTS)jessie1.6.3-2+deb8u4vulnerable
jessie (security)1.6.3-2+deb8u5vulnerable
stretch (security), stretch1.7.6-2+deb9u3vulnerable
buster1.8.4-5vulnerable
bullseye, sid1.8.5-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libgcrypt11source(unstable)(unfixed)
libgcrypt20source(unstable)1.8.5-1938938

Notes

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b9577f7c89b4327edc09f2231bc8b31521102c79 (master)
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=7c2943309d14407b51c8166c4dcecb56a3628567 (master)
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9 (1.8.5)
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60 (1.8.5)

Search for package or bug name: Reporting problems