Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description General purpose cryptographic library based on the code from GnuPG (32-bit)
Version 1.8.5-1 [multilib]


Group Affected Fixed Severity Status Ticket
AVG-1045 1.8.4-1 1.8.5-1 High Fixed
AVG-403 1.8.0-1 1.8.1-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2019-13627 AVG-1045 High Yes Private key recovery
A vulnerability has been found in the ECDSA/EdDSA implementation of libgcrypt up to 1.8.4, allowing for practical recovery of the long- term private key.
CVE-2017-0379 AVG-403 Medium No Private key recovery
Libgcrypt before 1.8.1 does not properly consider Curve25519 side- channel attacks, which makes it easier for attackers to discover a secret key, related to...


Date Advisory Group Severity Description
18 Sep 2017 ASA-201709-14 AVG-403 Medium private key recovery