From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id eFagEy/rF2DVfgAA0tVLHw (envelope-from ) for ; Mon, 01 Feb 2021 11:51:11 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id wLJ9Dy/rF2BMOQAA1q6Kng (envelope-from ) for ; Mon, 01 Feb 2021 11:51:11 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B82BE940276 for ; Mon, 1 Feb 2021 11:51:10 +0000 (UTC) Received: from localhost ([::1]:50594 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1l6XjZ-0001uz-Ez for larch@yhetil.org; Mon, 01 Feb 2021 06:51:09 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:52646) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l6XjS-0001sv-D8 for guix-patches@gnu.org; Mon, 01 Feb 2021 06:51:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:47654) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1l6XjS-0002Lx-4E for guix-patches@gnu.org; Mon, 01 Feb 2021 06:51:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1l6XjS-0007W1-2Z for guix-patches@gnu.org; Mon, 01 Feb 2021 06:51:02 -0500 Subject: bug#46183: [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE] Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-To: guix-patches@gnu.org Resent-Date: Mon, 01 Feb 2021 11:51:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: cc-closed 46183 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Guillaume Le Vaillant Mail-Followup-To: 46183@debbugs.gnu.org, ludo@gnu.org, rprior@protonmail.com Received: via spool by 46183-done@debbugs.gnu.org id=D46183.161218025928877 (code D ref 46183); Mon, 01 Feb 2021 11:51:01 +0000 Received: (at 46183-done) by debbugs.gnu.org; 1 Feb 2021 11:50:59 +0000 Received: from localhost ([127.0.0.1]:59199 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1l6XjP-0007Vg-JS for submit@debbugs.gnu.org; Mon, 01 Feb 2021 06:50:59 -0500 Received: from eggs.gnu.org ([209.51.188.92]:34752) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1l6XjN-0007VR-LL for 46183-done@debbugs.gnu.org; Mon, 01 Feb 2021 06:50:58 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:51016) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1l6XjH-0002H7-Qt; Mon, 01 Feb 2021 06:50:51 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54762 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1l6XjH-0001wc-DP; Mon, 01 Feb 2021 06:50:51 -0500 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <20210130042045.16727-1-rprior@protonmail.com> <20210130042428.16873-1-rprior@protonmail.com> <87h7myc0e8.fsf@nckx> <878s8astsb.fsf@yamatai> Date: Mon, 01 Feb 2021 12:50:49 +0100 In-Reply-To: <878s8astsb.fsf@yamatai> (Guillaume Le Vaillant's message of "Sat, 30 Jan 2021 09:39:16 +0100") Message-ID: <87k0rsgg6e.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 46183-done@debbugs.gnu.org, Ryan Prior Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -2.86 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: B82BE940276 X-Spam-Score: -2.86 X-Migadu-Scanner: scn0.migadu.com X-TUID: kunoQOmdRVJ+ Hi, Guillaume Le Vaillant skribis: > According to the news at https://gnupg.org: > > Libgcrypt 1.9.1 released (2021-01-29) important > > Unfortunately we introduced a severe bug in Libgcrypt 1.9.0 released 10 d= ays ago. > If you already started to use version 1.9.0 please update immediately to = 1.9.1. > > Currently the master and staging branch are using libgcrypt 1.8.5 and > core-updates is using 1.8.7. These versions don't have the critical bug > as it was introduced in version 1.9.0. So I think updating libgcrypt on > master is not an emergency, we just have to remember to never use > version 1.9.0. Indeed. So closing this bug. That said, we can update libgcrypt in =E2=80=98core-updates=E2=80=99. Ludo=E2=80=99.