Control: tags -1 + confirmed d-i On Thu, 2021-06-03 at 13:31 +0200, Andreas Metzler wrote: > I would like to fix the non-DSA CVE-2021-33560 for buster by > cherrypicking the respective commit from 1.8.8. This is about weak > ElGamal encyption when a key not generated by libgcrypt/gnupg is > used. > > This was fixed in unstable's 1.8.7-6, with bullseye unblock request > #989421 sent a couple of minutes ago.
I'd be OK with this, but as libgcrypt20 produces a udeb it'll also need a d-i ack; tagging and CCing appropriately. Regards, Adam
