Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#685 ✓released

update Libgcrypt to 1.6.6

Reported by steve | August 18th, 2016 @ 01:36 PM | in 2.0.30_2016.10 (closed)

on 2016-08-17 werner announced on gpg announce list:

Impact

All Libgcrypt and GnuPG versions released before 2016-08-17 are affected
on all platforms.

A first analysis on the impact of this bug in GnuPG shows that existing
RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely
that the private key can be predicted from other public information.
This needs more research and I would suggest not to overhasty revoke
keys.

Solution

If you are using a vendor supplied version of GnuPG or Libgcrypt:

Wait for an update from your vendor.

If you are using a GnuPG-2 version (2.0.x or 2.1.x):

Update Libgcrypt. We have released these fixed versions of Libgcrypt: 1.7.3, 1.6.6, and 1.5.6. See below for download
information.

If you are using GnuPG-1 version (1.4.x):

Update as soon as possible to GnuPG 1.4.21. See below for download information.

Comments and changes to this ticket

steve August 19th, 2016 @ 07:27 PM
+1 https://twitter.com/elyscape/status/766337865169051650
steve August 19th, 2016 @ 07:27 PM
- Importance changed from “Medium” to “High”
Support August 19th, 2016 @ 11:07 PM
- Tag set to “”
Assigned to Tender discussion #1961.
You flagged this item as spam.
Mento August 23rd, 2016 @ 10:27 AM
- State changed from “new” to “fixed”
- Tag cleared.
- Assigned user set to “Mento”
https://github.com/GPGTools/MacGPG2/commit/d10df3d52125e073717956f0...
steve August 23rd, 2016 @ 05:29 PM
- State changed from “fixed” to “verified”
verified on 10.9 - 10.11

we are going with libgcrypt 1.6.6 since 1.7.3 caused trouble.
steve September 26th, 2016 @ 03:08 PM
- Title changed from “update Libgcrypt to 1.7.3” to “update Libgcrypt to 1.6.6”
steve September 30th, 2016 @ 10:56 AM
- Milestone changed from “2.0.30_2016.07” to “2.0.30_2016.10”
steve October 21st, 2016 @ 04:31 PM
- State changed from “verified” to “released”
Support December 12th, 2016 @ 06:27 PM
- Tag set to “”
Assigned to Tender discussion #50212.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Shared Ticket Bins (Sort)

↓↑ drag 19 Open tickets
↓↑ drag 0 Resolved tickets
↓↑ drag 0 This week's tickets

Gpgtools MacGPG2 → 2.0.30_2016.10

update Libgcrypt to 1.6.6

Impact

Solution

Comments and changes to this ticket

steve August 19th, 2016 @ 07:27 PM

steve August 19th, 2016 @ 07:27 PM

Support August 19th, 2016 @ 11:07 PM

Mento August 23rd, 2016 @ 10:27 AM

steve August 23rd, 2016 @ 05:29 PM

steve September 26th, 2016 @ 03:08 PM

steve September 30th, 2016 @ 10:56 AM

steve October 21st, 2016 @ 04:31 PM

Support December 12th, 2016 @ 06:27 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages

Gpgtools MacGPG2 → 2.0.30_2016.10

Keyword searching

update Libgcrypt to 1.6.6

Impact

Solution

Comments and changes to this ticket

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages