GitLab

A mitigation against an ECDSA timing attack was fixed in libgcrypt 1.8.5

References:

https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000440.html

Patches:

• https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9 (1.8.5)
• https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60 (1.8.5)

Affected branches:

• master (f9cd8fba)
• 3.10-stable (4edee7ee)
• 3.9-stable (a8034aa3)
• 3.8-stable (ccc5650a)
• 3.7-stable (1c4658e6)