Information on source package libgcrypt20

Available versions

ReleaseVersion
buster1.8.4-5+deb10u1
bullseye1.8.7-6
bookworm1.10.1-3
trixie1.10.3-2
sid1.10.3-2

Open issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2024-2236vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableA timing-based side-channel flaw was found in libgcrypt's RSA implemen ...
CVE-2021-33560vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedLibgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...
CVE-2019-13627vulnerable (no DSA)fixedfixedfixedfixedIt was discovered that there was a ECDSA timing attack in the libgcryp ...

Open unimportant issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2018-6829vulnerablevulnerablevulnerablevulnerablevulnerablecipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ...

Resolved issues

BugDescription
TEMP-0000000-96B2E9hardening for RSA-CRT leak
CVE-2021-40528The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...
CVE-2021-3345_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9. ...
CVE-2018-0495Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache s ...
CVE-2017-9526In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session ke ...
CVE-2017-7526libgcrypt before version 1.7.8 is vulnerable to a cache side-channel a ...
CVE-2017-0379Libgcrypt before 1.8.1 does not properly consider Curve25519 side-chan ...
CVE-2016-6313The mixing functions in the random number generator in Libgcrypt befor ...
CVE-2015-7511Libgcrypt before 1.6.5 does not properly perform elliptic-point curve ...
CVE-2015-0837The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.1 ...
CVE-2014-5270Libgcrypt before 1.5.4, as used in GnuPG and other products, does not ...
CVE-2014-3591Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciph ...

Security announcements

DSA / DLADescription
DLA-2691-1libgcrypt20 - security update
DLA-1931-2libgcrypt20 - regression update
DLA-1931-1libgcrypt20 - security update
DLA-1405-1libgcrypt20 - security update
DSA-4231-1libgcrypt20 - security update
DSA-3959-1libgcrypt20 - security update
DSA-3901-1libgcrypt20 - security update
DSA-3880-1libgcrypt20 - security update
DSA-3650-1libgcrypt20 - security update
DSA-3474-1libgcrypt20 - security update

Search for package or bug name: Reporting problems