Re: [SECURITY] [DLA 1931-1] libgcrypt20 security update

2019-09-24 Thread Salvatore Bonaccorso
Hi Chris,

On Tue, Sep 24, 2019 at 04:40:52PM +0100, Chris Lamb wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Package: libgcrypt20
> Version: 1.6.3-2+deb8u6
> CVE ID : CVE-2019-13627
> Debian Bug : #938938
> 
> It was discovered that there was an ECDSA timing attack in the
> libgcrypt20 cryptographic library.
> 
> For Debian 8 "Jessie", this issue has been fixed in libgcrypt20 version
> 1.6.3-2+deb8u6.
> 
> We recommend that you upgrade your libgcrypt20 packages.

Just a heads-up in case not seen yet: For all (but the amd64 upload)
it looks like there were FTBFS:

https://buildd.debian.org/status/package.php?p=libgcrypt20&suite=jessie-security

Regards,
Salvatore



ruby-mini-magick

2019-09-24 Thread Brian May
Hello All,

I just noticed I can't build ruby-mini-magick in Jessie, required for a
security update.

expected no Exception, got #1, :output=>""}> with backtrace:

Problem seems to be that the identify command from imagemagick fails
when supplied a *.psd file:

# identify /tmp/tigerpsdfmt.psd ; echo $?
1

This same command with the same file works on stretch.

Any ideas?

Regards
-- 
Brian May 
https://linuxpenguins.xyz/brian/