Summary: | dev-libs/libgcrypt: Possible side channel attack for PPC: C implementation of AES is vulnerable to side-channel attacks | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | ajak, crypto+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://dev.gnupg.org/T4541 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2019-06-23 20:56:02 UTC
Upstream closed as wontfix: "As of now we doubt that the proposed patch helps and we even fear that it could make things worst. Thus, as long as there is we have no description of an attack we won't do anything about it." (In reply to John Helmert III (ajak) from comment #1) > Upstream closed as wontfix: > > "As of now we doubt that the proposed patch helps and we even fear that it > could make things worst. Thus, as long as there is we have no description of > an attack we won't do anything about it." Let's do that then. |