Summary: | security/libgcrypt: update to 1.7.8 (fix CVE-2017-7526) | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Carlos J. Puga Medina <cpm> | ||||
Component: | Individual Port(s) | Assignee: | Carlos J. Puga Medina <cpm> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | admins, amontalban, farrokhi, lwhsu, portmgr, sa.inbox | ||||
Priority: | --- | Keywords: | patch, patch-ready | ||||
Version: | Latest | Flags: | cpm:
merge-quarterly+
cpm: exp-run? |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Carlos J. Puga Medina
2017-06-30 12:23:00 UTC
Exp-run looks fine. A commit references this bug: Author: cpm Date: Tue Jul 4 17:38:31 UTC 2017 New revision: 445028 URL: https://svnweb.freebsd.org/changeset/ports/445028 Log: security/libgcrypt: update to 1.7.8 - Update libgcrypt to 1.7.8 - Bump library version in pkg-plist Noteworthy changes in version 1.7.8 * Bug fixes: - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see <https://eprint.iacr.org/2017/627>. [CVE-2017-7526] Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html PR: 220382 MFH: 2017Q3 Exp-run by: antoine Security: https://www.vuxml.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html Changes: head/security/libgcrypt/Makefile head/security/libgcrypt/distinfo head/security/libgcrypt/pkg-plist A commit references this bug: Author: cpm Date: Thu Jul 6 10:22:05 UTC 2017 New revision: 445135 URL: https://svnweb.freebsd.org/changeset/ports/445135 Log: MFH: r445028 security/libgcrypt: update to 1.7.8 - Update libgcrypt to 1.7.8 - Bump library version in pkg-plist Noteworthy changes in version 1.7.8 * Bug fixes: - Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see <https://eprint.iacr.org/2017/627>. [CVE-2017-7526] Changes: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html Binary compatibility report: https://abi-laboratory.pro/tracker/compat_report/libgcrypt/1.7.7/1.7.8/95cc7/abi_compat_report.html PR: 220382 Exp-run by: antoine Security: https://www.vuxml.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html Approved by: ports-secteam (junovitch) Changes: _U branches/2017Q3/ branches/2017Q3/security/libgcrypt/Makefile branches/2017Q3/security/libgcrypt/distinfo branches/2017Q3/security/libgcrypt/pkg-plist Committed, thanks! |