Debian has issued an advisory today (June 14): https://www.debian.org/security/2017/dsa-3880 The issue was fixed upstream in 1.7.7: https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000406.html I haven't read anything yet that indicates that 1.5.x is affected, but I'm filing this bug when I can re-open later if anything comes to light. Otherwise it will document that I already fixed this in Cauldron.
Fixed in libgcrypt-1.7.7-1.mga6.
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Depends on: (none) => 21178
Re-opening for Mageia 5.
Version: Cauldron => 5Resolution: FIXED => (none)Status: RESOLVED => REOPENED
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11
QA Contact: (none) => securityComponent: RPM Packages => Security
Upon further examination of the Ubuntu advisory, this one doesn't affect Mageia 5.
Version: 5 => CauldronStatus: REOPENED => RESOLVEDDepends on: 21178 => (none)Resolution: (none) => FIXED