Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 726842 (CVE-2020-12399) - <dev-libs/nss-3.52.1: Timing attack on DSA signatures (CVE-2020-12399)
Summary: <dev-libs/nss-3.52.1: Timing attack on DSA signatures (CVE-2020-12399)
Status: RESOLVED FIXED
Alias: CVE-2020-12399
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A4 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-02 23:30 UTC by Sam James
Modified: 2020-08-30 22:58 UTC (History)
2 users (show)

See Also:
Package list:
=dev-libs/nss-3.52.1-r1
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-06-02 23:30:21 UTC
Description:
"NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys."
Comment 1 Sam James archtester gentoo-dev Security 2020-06-02 23:30:44 UTC
@maintainer(s), let us know when ready for stabilisation.
Comment 2 Agostino Sarubbo gentoo-dev 2020-06-09 14:42:22 UTC
s390 stable
Comment 3 Sam James archtester gentoo-dev Security 2020-06-09 20:02:47 UTC
arm64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2020-06-10 13:02:12 UTC
sparc stable
Comment 5 Agostino Sarubbo gentoo-dev 2020-06-11 08:26:56 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2020-06-11 08:28:27 UTC
arm stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-06-11 08:30:22 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-06-11 08:35:37 UTC
x86 stable
Comment 9 Rolf Eike Beer 2020-06-12 18:53:51 UTC
hppa stable
Comment 10 John Helmert III (ajak) 2020-06-28 06:54:12 UTC
ppc64, ping
Comment 11 ernsteiswuerfel 2020-06-28 15:25:38 UTC
nss-3.52.1 needs an upstream patch to make it build on ppc64 (bug #722110). The patch won't be in upstream nss before 3.55.
Comment 12 Agostino Sarubbo gentoo-dev 2020-06-29 13:37:30 UTC
ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 13 Sam James archtester gentoo-dev Security 2020-07-26 16:07:54 UTC
GLSA vote: yes
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2020-07-27 01:27:23 UTC
This issue was resolved and addressed in
 GLSA 202007-49 at https://security.gentoo.org/glsa/202007-49
by GLSA coordinator Sam James (sam_c).
Comment 15 Sam James archtester gentoo-dev Security 2020-07-27 01:28:28 UTC
(In reply to GLSAMaker/CVETool Bot from comment #14)
> This issue was resolved and addressed in
>  GLSA 202007-49 at https://security.gentoo.org/glsa/202007-49
> by GLSA coordinator Sam James (sam_c).

Reopening for cleanup.
Comment 16 Sam James archtester gentoo-dev Security 2020-08-30 03:15:18 UTC
(In reply to Sam James from comment #15)
> (In reply to GLSAMaker/CVETool Bot from comment #14)
> > This issue was resolved and addressed in
> >  GLSA 202007-49 at https://security.gentoo.org/glsa/202007-49
> > by GLSA coordinator Sam James (sam_c).
> 
> Reopening for cleanup.

ping.