Hi Chris, On Tue, Sep 24, 2019 at 04:40:52PM +0100, Chris Lamb wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Package : libgcrypt20 > Version : 1.6.3-2+deb8u6 > CVE ID : CVE-2019-13627 > Debian Bug : #938938 > > It was discovered that there was a ECDSA timing attack in the > libgcrypt20 cryptographic library. > > For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version > 1.6.3-2+deb8u6. > > We recommend that you upgrade your libgcrypt20 packages.
Just a heads-up in case not seen yet: For all (but the amd64 upload) it looks there were FTBFS: https://buildd.debian.org/status/package.php?p=libgcrypt20&suite=jessie-security Regards, Salvatore
