Information on source package libgcrypt20

Available versions

ReleaseVersion
jessie (security)1.6.3-2+deb8u4
stretch (security)1.7.6-2+deb9u2
buster1.8.1-4
sid1.8.1-4

Open issues

BugjessiestretchbustersidDescription
TEMP-0000000-96B2E9vulnerable (no DSA)fixedfixedfixedhardening for RSA-CRT leak
CVE-2018-6829vulnerablevulnerablevulnerablevulnerablecipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...

Resolved issues

BugDescription
CVE-2017-9526In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key ...
CVE-2017-7526Use of left-to-right sliding window method allows full RSA key recovery
CVE-2017-0379Libgcrypt before 1.8.1 does not properly consider Curve25519 ...
CVE-2016-6313The mixing functions in the random number generator in Libgcrypt ...
CVE-2015-7511Libgcrypt before 1.6.5 does not properly perform elliptic-point curve ...
CVE-2015-0837data-dependent timing variations in modular exponentiation
CVE-2014-5270Libgcrypt before 1.5.4, as used in GnuPG and other products, does not ...
CVE-2014-3591sidechannel attack on Elgamal

Security announcements

DSA / DLADescription
DSA-3959-1libgcrypt20 - security update
DSA-3901-1libgcrypt20 - security update
DSA-3901-1libgcrypt20 - security update
DSA-3880-1libgcrypt20 - security update
DSA-3650-1libgcrypt20 - security update
DSA-3474-1libgcrypt20 - security update

Search for package or bug name: Reporting problems