Summary: | <dev-libs/libgcrypt-1.7.7: Possible timing attack on EdDSA session key | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | crypto+disabled, k_f |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1459887 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
dev-libs/libgcrypt-1.7.7 alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
|
Runtime testing required: | --- |
Bug Depends on: | 623006 | ||
Bug Blocks: |
Description
Agostino Sarubbo
![]() amd64 stable x86 stable sparc stable ia64 stable arm stable ppc64 stable Stable on alpha. ppc stable GLSA Vote: No We got bug 623006 now, so adding this to same glsa as that one EdDSA is only used by gnupg in --expert mode and is not defined in official OpenPGP standard yet, so impact is particular in nature. Originally noglsa but changed pending bug 623006, which is now also designated noglsa. Waiting for hppa in bug 623006 and cleanup |