[3.3] libgcrypt: Missing input validation for X25519 curve (CVE-2017-0379)
Libgcrypt before 1.8.1 does not properly consider Curve25519
which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
(from redmine: issue id 7835, created on 2017-09-14, closed on 2017-09-19)
- parent #7831 (closed)
- Revision 3b612fd1 by Natanael Copa on 2017-09-19T09:01:43Z:
main/libgcrypt: security upgrade to 1.7.9 (CVE-2017-0378) fixes #7835