[Announce] [Security fix] Libgcrypt 1.9.1 released.

This version fixes a critical security bug in the recently released version 1.9.0.

There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker-controlled data; no verification or signature is validated before the vulnerability occurs.

Only one released version is affected:

  • Libgcrypt 1.9.0 (released 2021-01-19)

Exploiting this bug is simple and thus immediate action for 1.9.0 users is required. A CVE-id has not yet been assigned. (CVE-2021-3345)

lists.gnupg.org/pipermail/gnup
