[Pkg-openssl-devel] Bug#983013: m2crypto: autopkgtest needs update for new version of openssl: M2Crypto.RSA.RSAError: sslv3 rollback attack

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Thu Feb 18 08:05:05 GMT 2021


On 2021-02-18 08:15:15 [+0100], Paul Gevers wrote:
> 
> I copied some of the output at the bottom of this report.  I *think*
> this may be related to CVE-2020-25657 "bleichenbacher timing attacks in
> the RSA decryption API" against m2crypto, hence I file this bug against
> m2crypto.

The openssl side is aware of the situtation. Currently we want to
clarify the documentation in openssl
		https://github.com/openssl/openssl/issues/14216

and then report this m2crypto upstream what should be done instead.
The bug fix triggered the problem :)

Sebastian



More information about the Pkg-openssl-devel mailing list