Control: severity -1 serious On 2021-05-02 "Xavier G." <xav...@kindwolf.org> wrote: > Package: libgcrypt20 > Version: 1.8.7-4 > Severity: important
> Dear Maintainer, > After a full-upgrade in Sid on 2021-05-02, `gpg --decrypt somefile.gpg` fails: [...] > Considering the list of updated packages this day, libgcrypt20:amd64 (1.8.7-3, > 1.8.7-4) is the likely culprit. Its changelog states: > libgcrypt20 (1.8.7-4) unstable; urgency=medium > * Update from LIBGCRYPT-1.8-BRANCH: > + 30_07-Fix-previous-commit.patch > + 30_08-ecc-Check-the-input-length-for-the-point.patch > -- Andreas Metzler <ametz...@debian.org> Sun, 02 May 2021 13:58:47 +0200 > The second patch is precisely about returning "Invalid object" / > GPG_ERR_INV_OBJ in some case related to GnuPG and ECDH decryption. > Therefore, could you please double-check this patch? Looks fishy, but I have not got time check now. Lets bump the severity to make double-sure it does not propagate to testing. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
