The GNU project is pleased to announce the availability of Libgcrypt version 1.6.5. This is a security fix release to mitigate a new side channel attack. Libgcrypt is a general purpose library of cryptographic building blocks. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required for proper use Libgcrypt. Noteworthy changes in version 1.6.5 =================================== * Mitigate side-channel attack on ECDH with Weierstrass curves [CVE-2015-7511]. See http://www.cs.tau.ac.IL/~tromer/ecdh/ for details. * Fix build problem on Solaris.
ebuild in process
Arches, please stabilize: =dev-libs/libgcrypt-1.6.5 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Backported fix to 1.5 branch added, arches, please also stabilize: =dev-libs/libgcrypt-1.5.4-r2 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
amd64 stable
Stable for HPPA PPC64.
x86 stable
Stable on alpha.
ppc stable
sparc stable
ia64 stable
seems like 1.6.5 didn't actually have sparc/x86 marked stable, so i did that now, and all the remaining arches
This issue was resolved and addressed in GLSA 201610-04 at https://security.gentoo.org/glsa/201610-04 by GLSA coordinator Kristian Fiskerstrand (K_F).