Ubuntu
libgcrypt20 package

gcrypt.h reports version of libgcrypt20 as 1.7.2-beta

Bug #1700157 reported by Jonathan White on 2017-06-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libgcrypt20 (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

The package delivered by yakkety (16.10) advertises libcrypt as being version 1.7.2. However, the version reported in gcrypt.h (line 65) in define GCRYPT_VERSION is 1.7.2-beta. I believe this to be an error, or at the very least the package should be updated to a non-beta version.

CVE References

2017-7526

Revision history for this message

Jonathan White (droidmonkey) wrote on 2017-06-23:

Also, upon upgrading to 17.04, gcrypt.h shows GCRYPT_VERSION as being 1.7.6-beta.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-06-30:

This bug was fixed in the package libgcrypt20 - 1.7.8-1

---------------
libgcrypt20 (1.7.8-1) unstable; urgency=high

  * Fix 25_norevisionfromgit.diff to let ./configure generate a version-string
    without -beta suffix. LP: #1700157
  * New upstream version.
    + Mitigate a flush+reload side-channel attack on RSA secret keys dubbed
      "Sliding right into disaster". For details see
      <https://eprint.iacr.org/2017/627>. [CVE-2017-7526]

-- Andreas Metzler <email address hidden> Thu, 29 Jun 2017 18:27:03 +0200

Changed in libgcrypt20 (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulibgcrypt20 package