bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto

From:	Leo Famulari
Subject:	bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
Date:	Mon, 16 Jul 2018 13:39:29 -0400
User-agent:	Mutt/1.10.0 (2018-05-17)

On Mon, Jul 16, 2018 at 01:14:30PM -0400, Leo Famulari wrote:
> libtomcrypt version 1.18.2 includes a fix; we would need to adapt this
> to the bundled copy in Dropbear. I can take a look at this today.

Dropbear's bundled libtomcrypt includes a variety of whitespace and
comment changes that make it non-trivial to compare the actual
differences between the codebases.

I'm not going to work on adapting the upstream patch for Dropbear, but
of course others are welcome to do it :) Otherwise I assume the Dropbear
team will include the fixes whenever they make a new release.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries, Leo Famulari, 2018/07/16
- bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries, Gábor Boskovits, 2018/07/16
  - bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries, Leo Famulari, 2018/07/16
    - bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries, Leo Famulari <=

Prev by Date: bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
Next by Date: bug#32167: Kernel 'build' directory in the store is a broken symbolic link
Previous by thread: bug#31831: CVE-2018-0495 Key Extraction Side Channel in Multiple Crypto Libraries
Next by thread: bug#32170: python-cairocffi error "dlopen() failed to load a library: cairo / cairo-2"
Index(es):
- Date
- Thread