CVE-2019-12904 and the next libgcrypt release.
Haswarey, Asif
asif.haswarey at intel.com
Fri Jun 21 22:08:08 CEST 2019
Hi!
LIBGCRYPT developers and users are aware of the libgcrypt vulnerability CVE-2019-12904:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904
libgcrypt master branch has 2 commits that address this vulnerability:
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
Since these commits are in the master branch, and the latest libgcrypt release
is 1.8.4 (diverged branch), the 2 commits do not apply without conflicts onto
the libgcrypt-1.8.4 branch HEAD with no conflicts.
Would anyone know:
1) What the next release (with the CVE-2019-12904 fixes) is going to be (1.8.5 / 1.9) ?
2) When the next release (with the CVE-2019-12904 fixes) will be announced?
Thanks for any feedback on this issue!
_
Asif
More information about the Gcrypt-devel
mailing list