The USN-3689-2: Libgcrypt vulnerability is fixed automatically and installed on SecureDrop production instances. I received the following OSSEC alert.
OSSEC HIDS Notification. 2018 Jun 20 04:58:28 Received From: (app) A.B.C.D->/var/log/dpkg.log Rule: 2902 fired (level 7) -> "New dpkg (Debian Package) installed." Portion of the log(s): 2018-06-20 04:58:27 status installed libgcrypt11:amd64 1.5.3-2ubuntu4.6 --END OF NOTIFICATION OSSEC HIDS Notification. 2018 Jun 20 04:58:28 Received From: (app) A.B.C.D->/var/log/dpkg.log Rule: 2902 fired (level 7) -> "New dpkg (Debian Package) installed." Portion of the log(s): 2018-06-20 04:58:28 status installed libc-bin:amd64 2.19-0ubuntu6.14 --END OF NOTIFICATION