-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 30 Aug 2019 18:44:49 +0200 Source: libgcrypt20 Architecture: source Version: 1.8.5-1 Distribution: experimental Urgency: medium Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametzler@debian.org> Closes: 938938 Changes: libgcrypt20 (1.8.5-1) experimental; urgency=medium . * Drop --add-udeb=libgcrypt20-udeb to work around debhelper bug #935577. * New upstream version. + Fixes ECDSA timing attack. CVE-2019-13627 Closes: #938938 + Drop 30_doc-Fix-library-initialization-examples.patch + Ship newly available pkgconfig file in libgcrypt20-dev, moving gpg-error from Requires to Requires.private in new 13_lessdeps_libgcrypt-pkgconfig.diff. Checksums-Sha1: 3dbd36d3b8083a868a614b91854bac52b66b082b 2806 libgcrypt20_1.8.5-1.dsc 2d8781e92f88706707a1e76fb628b499ad538a30 2991291 libgcrypt20_1.8.5.orig.tar.bz2 1da6da3b1869eee9b16c5cab61b793cddead9ce8 488 libgcrypt20_1.8.5.orig.tar.bz2.asc d494d6d8eac79de35bfad30fabfc4422118c28bf 29172 libgcrypt20_1.8.5-1.debian.tar.xz Checksums-Sha256: f039cd86cf89c4ce9b9d90ccefaac8332f1813314e29ba7fb4c43b36806202a6 2806 libgcrypt20_1.8.5-1.dsc 3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3 2991291 libgcrypt20_1.8.5.orig.tar.bz2 4b24fda7847cd2b70ab19f4c38004a76bbdac46a1ddccff973ae88ba1296a22d 488 libgcrypt20_1.8.5.orig.tar.bz2.asc c06fcdc3f6c2e5c86c9dc12430d89e04f392525229b42f967772fd5e5075e4fb 29172 libgcrypt20_1.8.5-1.debian.tar.xz Files: 64a1332102e43b053c7f5737dab11e28 2806 libs optional libgcrypt20_1.8.5-1.dsc 348cc4601ca34307fc6cd6c945467743 2991291 libs optional libgcrypt20_1.8.5.orig.tar.bz2 76aa31391f630b50ed0869abdf813921 488 libs optional libgcrypt20_1.8.5.orig.tar.bz2.asc 93713a3de656ceeeae2fd59f233f24c6 29172 libs optional libgcrypt20_1.8.5-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAl1pVCgACgkQpU8BhUOC FIRReQ/7B+5PqmJd33s3jgq4UTpwdNZ4oM1ly1JlnXLavPX6Zvj+u03lOEoUaWls DFK1f0twJ5R6GiaKZzrzExnbeYaV2qSSwugJ6ew7OgqUDwviq37WbZXIUFxPjzJO QqnDHXjuqtroPlTMgGZisITf8Sk+Pq/rREygTFQvPbAfrSvh4kgQow9mcyfVEGHC A26SJZUL1ultPzdXCVF0nmdf+UXwPKT9SOvKYnSVmE03DVU7LDNtljl4WNke8u5j 4zQPM7gFy7c9dSLlvSe+Ghhzi+IEGCIDPn7QwDcr4+sJkiL4xWqNEF3I8/+81ZuK WLesSXOr/Hp0a3F4KbgSEP4SIL0a4Dv8t++Kl2YnlD32QhHWq0SKzrTPMnBlcoxU ybTtzlhCH3+euO90kkPFnLkkxlEOj+iO39HEyzGlG7LOyATm6TrzqYxO/qlfMNxZ bGk9SklwnoAfXzYYPTaHXLsteDMl0AGEi515OUXseD18cG0BxCbJe91I5hOc5oM0 l2rrctwxCrHU+NuAbg8VLbGamitHNCcg7vvRrd225cIbBg8hhgV+1/TQ6A9wGWL9 AwSGS2w9ExOmnjYC908VeLeIB3BKuG4cbfg4G3NxqUSkow/4PEkawfQ5pjc2yUaK YqkKUEFU8x1UTapnxNRV90uJ6wubIu1eShuDc7oPsBcvfUejBC0= =kHPk -----END PGP SIGNATURE-----