[3.6] Libgcrypt 1.7.8 released to fix CVE-2017-7526
https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
- Mitigate a flush+reload side-channel attack on RSA secret keys
dubbed “Sliding right into disaster”. For details see
<https://eprint.iacr.org/2017/627>. [CVE-2017-7526]
Looks like libgcrypt needs to be fixed in stable branches.
(from redmine: issue id 7476, created on 2017-07-05, closed on 2017-07-05)
- Relations:
- parent #7475 (closed)
- Changesets:
- Revision 0a136a75 by Natanael Copa on 2017-07-05T08:16:52Z:
main/libgcrypt: security upgrade to 1.7.8 (CVE-2017-7526)
fixes #7476