oss-sec mailing list archives
CVE Request: libgcrypt hardening for RSA-CRT leak
From: Marcus Meissner <meissner () suse de>
Date: Tue, 8 Sep 2015 12:05:34 +0200
Hi, Redhat has published a paper on RSA-CRT keyleakage. https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ There was a CVE assigned for this issue CVE-2015-5738, but the software scope of this assigned is not clear. libgcrypt has published a hardening fix for the same issue. https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000370.html http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479 Should it get a new CVE? Ciao, Marcus
Current thread:
- CVE Request: libgcrypt hardening for RSA-CRT leak Marcus Meissner (Sep 08)
- Re: CVE Request: libgcrypt hardening for RSA-CRT leak Florian Weimer (Sep 08)