Missing input validation in implementation of Curve25519 in libgcrypt allows side channel attack leading to leak of private key. Upstream patch: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
Created libgcrypt tracking bugs for this issue: Affects: fedora-all [bug 1485922] Created mingw-libgcrypt tracking bugs for this issue: Affects: fedora-all [bug 1485923]