From ${URL} :
A vulnerability was found in the cryptopp library. A countermeasure against timing attack was incorrectly implemented.
External references: https://github.com/weidai11/cryptopp/issues/146
References and CVE assignment: http://seclists.org/oss-sec/2016/q2/50
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
3.6.4 is in tree, but significant build changes, we need time to stabilize.
v3.6.4 available in Gentoo repository since https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/crypto++?id=86f8b10361ee6fbbb5079703d88d23f009f14dca
@Maintainer(s): Can we stabilize =dev-libs/crypto++-5.6.4-r4?
dev-libs/crypto++-5.6.5 is a candidate for stabilization; however, upstream changed and has a little knowledge about the downstream process. It added some breakages and continues to do so, for example bug #597994. I am waiting for the next version that includes some remedy.
Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.
Already done :)
Thank you, just clearing the whiteboard. GLSA Vote: No