[Secure-testing-commits] r53073 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jul 1 11:38:33 UTC 2017
Author: carnil
Date: 2017-07-01 11:38:33 +0000 (Sat, 01 Jul 2017)
New Revision: 53073
Modified:
data/CVE/list
Log:
Clarify fixes for libgcrypt20 with upstream
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-01 10:52:12 UTC (rev 53072)
+++ data/CVE/list 2017-07-01 11:38:33 UTC (rev 53073)
@@ -8653,10 +8653,15 @@
- libgcrypt20 1.7.8-1
- libgcrypt11 <removed>
NOTE: https://eprint.iacr.org/2017/627
+ NOTE: Fixes for RSA exponent blinding fixes (A):
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=a9f612def801c8145d551d995475e5d51a4c988c
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=aff5fd0f2650e24cf99efcd7b499627ea48782c3
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=312101e1f266314b4391fcdbe11c03de5c147e38
- TODO: waiting for upstream confirmation on correct set of fixes
+ NOTE: Fixes for mpi_powm itsef (B):
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=0e6788517eac6f508fa32ec5d5c1cada7fb980bc
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fbd10abc057453789017f11c7f1fc8e6c61b79a3
+ NOTE: For the particular attack to RSA, either (A) or (B) is enough. In
+ NOTE: general cases, (A) plus (B) is needed.
CVE-2017-7525
RESERVED
CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...)
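Review bot: Two wording slips in the added NOTE lines: the (B) header reads "Fixes for mpi_powm itsef (B):", where "itsef" should be "itself", and the (A) header reads "Fixes for RSA exponent blinding fixes (A):", which doubles "fixes". Suggest "RSA exponent blinding fixes (A):" and "Fixes for mpi_powm itself (B):". Separately, the closing note says either (A) or (B) is enough for the particular RSA attack but that general cases need (A) plus (B). Since this change also drops the TODO about waiting for upstream confirmation, it would help to state explicitly whether the fixed version 1.7.8-1 listed at the top of the entry carries both sets, so that anyone backporting knows which commits are required.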