Summary: | dev-libs/crypto++: correlation between execution time and privkey length | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | minor | CC: | sam |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/weidai11/cryptopp/issues/1080 | ||
Whiteboard: | B4 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2021-11-05 20:40:28 UTC
"Hi Everyone, We are going to close this a "not a bug". We believe it is expected behavior. We don't believe the CVE is valid. @CindyZhouYH, if you can provide a test program and test data we would be happy to revisit it." *shrug* |