-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 01 Jul 2017 11:01:58 +0200 Source: libgcrypt20 Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20 libgcrypt20-udeb libgcrypt11-dev libgcrypt-mingw-w64-dev Architecture: all source Version: 1.7.6-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametzler@debian.org> Description: libgcrypt11-dev - transitional libgcrypt11-dev package libgcrypt20-dev - LGPL Crypto library - development files libgcrypt20-doc - LGPL Crypto library - documentation libgcrypt20 - LGPL Crypto library - runtime library libgcrypt20-udeb - LGPL Crypto library - runtime library (udeb) libgcrypt-mingw-w64-dev - LGPL Crypto library - Windows development Changes: libgcrypt20 (1.7.6-2+deb9u1) stretch-security; urgency=high . * 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For details see <https://eprint.iacr.org/2017/627>. [CVE-2017-7526] Checksums-Sha1: 0254545c274f7a72f4812e08985a1067d229643f 2942 libgcrypt20_1.7.6-2+deb9u1.dsc d2b9e0f413064cfc67188f80d3cbda887c755a62 2897695 libgcrypt20_1.7.6.orig.tar.bz2 fe3a20f0168d841e8f144ff22272b378e0460526 310 libgcrypt20_1.7.6.orig.tar.bz2.asc b9a5075b6aa04097d0ab8fa85f1a4ac73715ec7b 30308 libgcrypt20_1.7.6-2+deb9u1.debian.tar.xz 2c9723a2fd3143878a232db25e3251b8e7c28c2f 2316448 libgcrypt-mingw-w64-dev_1.7.6-2+deb9u1_all.deb abb72e7762708f2dad9a070483df47f367381bc8 874286 libgcrypt20-doc_1.7.6-2+deb9u1_all.deb Checksums-Sha256: b83c76db58ec1e27257df872e342d2045a476819549252e0ffeb03ed2cbe570c 2942 libgcrypt20_1.7.6-2+deb9u1.dsc 626aafee84af9d2ce253d2c143dc1c0902dda045780cc241f39970fc60be05bc 2897695 libgcrypt20_1.7.6.orig.tar.bz2 91ad5a0efafb0edc63c083f733ce476b2a0da663aea5118126aa63825d314e00 310 libgcrypt20_1.7.6.orig.tar.bz2.asc df274675ca3dce4dcbf9ec58e75fdf279a492f4fc91aa2f2d52d368ee9c0ed82 30308 libgcrypt20_1.7.6-2+deb9u1.debian.tar.xz fb742622b7191866ceb80674444731476a51c893ddd62d8e8b7a3aa17a5fc5bb 2316448 libgcrypt-mingw-w64-dev_1.7.6-2+deb9u1_all.deb 057d7b0f7c84cba2e2811fe492e830a75ebc67f5cfebf4163e131c26c34ee1f3 874286 libgcrypt20-doc_1.7.6-2+deb9u1_all.deb Files: abdf721ada2ac41537f5d0825a4f6035 2942 libs optional libgcrypt20_1.7.6-2+deb9u1.dsc 54e180679a7ae4d090f8689ca32b654c 2897695 libs optional libgcrypt20_1.7.6.orig.tar.bz2 ebb27eec1079d3417bb08e571563d556 310 libs optional libgcrypt20_1.7.6.orig.tar.bz2.asc 53c2418a6253d2922cc901b6ddb0ec95 30308 libs optional libgcrypt20_1.7.6-2+deb9u1.debian.tar.xz f0be034bba560681833888ae25339438 2316448 libdevel extra libgcrypt-mingw-w64-dev_1.7.6-2+deb9u1_all.deb dd9f1590839b72b9ab28f707bd727991 874286 doc optional libgcrypt20-doc_1.7.6-2+deb9u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAllXaZoACgkQpU8BhUOC FISJ3g/+NYDaUhoJEE0D4WOrmbxhvf5s4JFbQCXOKF4qezVB7MIxD1VhNbaZQbb5 se5QzGjxVntGGXNpJGkVmdqqLvoD+ekKrscd4ZQcRqQSvIhCKuqTKHwdi6+7+rqS TboVu6x6E6Nos8lwdILmB9kYkpaOtYcdwkT/JaxYJyL7ETddF+8YUNkDsf17m7i/ WhTVP8CsxB7tGtCbmzaJNmu/EC0mpDY36FSDIwsttEfciJxnFh8SRgzrDFvd57w6 iGkifPqqyyGOPlaL1hqub1VSzMZHyOxPNSnBkTlteaDOl07vvbXg797mZn1AgSwd l1wbm62PyiI1p4KwyT9NjAIGvhCUrIEiFZuaEQrs/fNr4Sz3HjvVpLs6R6QYpMaT xMGq/nzO8/5eJiyyRxBG08EpDSlFTYYAy6vi491cM6maYaPWFzvfaV/BScL4GnAe MrMkXvm2jARBLsq9XrgDks5bKsreXVYjQ4vptEk36ihfvRw7tFRnGjWeyQ45z6Lr Cjp4ZkY5IxMgZN7Sg1aYaB+LeSJWu3/oRNKHDtXyKD/fuqswwD+bt1WO3Rrqa7hr nOYd0PTaPVpZkMBSpnzFOB6iKlyFBcaxHuO9S/KfN3Qlu+oSPFkz6qOMuLIT4Nye 22iArBhdUoEjDnHOExLLYwz7spUIsQWzl39XvDKqbYG2OzItJSs= =4E24 -----END PGP SIGNATURE-----