[3.5] libgcrypt: Missing input validation for X25519 curve (CVE-2017-0379)
Libgcrypt before 1.8.1 does not properly consider Curve25519
which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
(from redmine: issue id 7833, created on 2017-09-14, closed on 2017-09-19)
- parent #7831 (closed)
- Revision a7b9d19a by Natanael Copa on 2017-09-19T08:57:40Z:
main/libgcrypt: security upgrade to 1.7.9 (CVE-2017-0378) fixes #7833