-
6d22d61...
by
Salvatore Bonaccorso
on 2018-06-15
-
Import patches-unapplied version 1.7.6-2+deb9u3 to debian/stretch
Imported using git-ubuntu import.
Changelog parent: dd6f1ee6d297efd567a623400fe940bbd4cfa449
New changelog entries:
* Non-maintainer upload by the Security Team.
* ecc: Add blinding for ECDSA (CVE-2018-0495)
-
dd6f1ee...
by
Salvatore Bonaccorso
on 2017-08-27
-
Import patches-unapplied version 1.7.6-2+deb9u2 to debian/stretch
Imported using git-ubuntu import.
Changelog parent: 8b4b0df0903a1611b3d9fa601c8faa523bfb9713
New changelog entries:
* Non-maintainer upload by the Security Team.
* ecc: Add input validation for X25519 [CVE-2017-0379]
Mitigate a local side-channel attack on Curve25519 dubbed "May the
Fourth be With You". (Closes: #873383)
-
8b4b0df...
by
Andreas Metzler <email address hidden>
on 2017-07-01
-
Import patches-unapplied version 1.7.6-2+deb9u1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 5bec3b6042b1516d06647cb9e7049ada4d3b3b21
New changelog entries:
* 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
flush+reload side-channel attack on RSA secret keys dubbed "Sliding right
into disaster". For details see <https://eprint.iacr.org/2017/627>.
[CVE-2017-7526]
-
5bec3b6...
by
Andreas Metzler <email address hidden>
on 2017-06-03
-
Import patches-unapplied version 1.7.6-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 7df3c037d955e0643721c045d909222f6d7474ba
New changelog entries:
* Refresh debian/upstream/signing-key.asc, key-expiry-dates bumped.
* Pull two fixes from gcrypt 1.7.7 bugfix release:
+ 30_gcry177_01-ecc-Store-EdDSA-session-key-in-secure-memory.patch
Fix possible timing attack on EdDSA session key.
+ 30_gcry177_02-secmem-Fix-SEGV-and-stat-calculation.patch
Fix long standing bug in secure memory implementation which could lead
to a segv on free.
-
7df3c03...
by
Andreas Metzler <email address hidden>
on 2017-01-26
-
Import patches-unapplied version 1.7.6-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 0850ad3d9ffede6ba1eda58102a859275bb18fe7
New changelog entries:
* New upstream version, includes
30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch.
-
0850ad3...
by
Andreas Metzler <email address hidden>
on 2017-01-14
-
Import patches-unapplied version 1.7.5-3 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 6183438aac014fbb7da755190d3af930d0baa90b
New changelog entries:
* 30_rijndael-ssse3-fix-counter-operand-from-read-only-to.patch from
upstream GIT master: Fix SSE3 assembly on Nehalem.
-
6183438...
by
Andreas Metzler <email address hidden>
on 2016-12-17
-
Import patches-unapplied version 1.7.5-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 07c37de22c6afe919b43955890fa87d6fde9378d
New changelog entries:
* Upload to unstable.
-
07c37de...
by
Andreas Metzler <email address hidden>
on 2016-12-15
-
Import patches-unapplied version 1.7.5-1 to debian/experimental
Imported using git-ubuntu import.
Changelog parent: 07460c0a7288733af68d824f962a44f912ff3c66
New changelog entries:
* New upstream version.
-
07460c0...
by
Andreas Metzler <email address hidden>
on 2016-10-09
-
Import patches-unapplied version 1.7.3-2 to debian/sid
Imported using git-ubuntu import.
Changelog parent: 19fb5b6541a384005720589e33e5636fe3c4f31d
New changelog entries:
[ Helmut Grohne / Andreas Metzler ]
* Turn libgcrypt11-dev into an Arch:any package. Closes: #840205
-
19fb5b6...
by
Andreas Metzler <email address hidden>
on 2016-08-18
-
Import patches-unapplied version 1.7.3-1 to debian/sid
Imported using git-ubuntu import.
Changelog parent: efd83578712d009dd6bc916f32e9599219440773
New changelog entries:
* New upstream version.
Fix critical security bug in the RNG [CVE-2016-6313]. An
attacker who obtains 580 bytes from the standard RNG can
trivially predict the next 20 bytes of output.
