Summary: | <net-libs/mbedtls-2.19.0: use of RNG with insufficient entropy allows to recover private key vise side-channel attack (CVE-2019-16910) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | blueness |
Priority: | Normal | Flags: | nattka:
sanity-check-
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=714582 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: |
net-libs/mbedtls-2.19.1-r2
|
Runtime testing required: | --- |
Bug Depends on: | 712704 | ||
Bug Blocks: |
Description
Sam James
2020-03-01 17:07:33 UTC
@ maintainer(s): Can we start stabilization? (In reply to Thomas Deutschmann from comment #1) > @ maintainer(s): Can we start stabilization? Its ready. KEYWORDS="amd64 arm arm64 ia64 ppc ppc64 x86" x86 stable amd64 stable ppc stable arm stable ppc64 stable ia64 stable arm64 stable Thanks arches. @maintainer(s), can we cleanup? (In reply to sam_c (Security Padawan) from comment #10) > Thanks arches. > > @maintainer(s), can we cleanup? done (In reply to Anthony Basile from comment #11) > (In reply to sam_c (Security Padawan) from comment #10) > > Thanks arches. > > > > @maintainer(s), can we cleanup? > > done Thanks! GLSA Vote: No! Repository is clean, all done! Reopening because 2.17.0 was restored due to breaking net-p2p/fms: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6d437cfc5afcba4b4fb5eb539f28d93bedd71e4 Resetting sanity check; keywords are not fully specified and arches are not CC-ed. Unable to check for sanity:
> no match for package: net-libs/mbedtls-2.19.1-r2
Thanks :) We're all clean here. Closing. |