[Pkg-openssl-devel] Bug#983013: m2crypto: autopkgtest needs update for new version of openssl: M2Crypto.RSA.RSAError: sslv3 rollback attack
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Thu Feb 18 08:05:05 GMT 2021
On 2021-02-18 08:15:15 [+0100], Paul Gevers wrote:
>
> I copied some of the output at the bottom of this report. I *think*
> this may be related to CVE-2020-25657 "bleichenbacher timing attacks in
> the RSA decryption API" against m2crypto, hence I file this bug against
> m2crypto.
The openssl side is aware of the situtation. Currently we want to
clarify the documentation in openssl
https://github.com/openssl/openssl/issues/14216
and then report this m2crypto upstream what should be done instead.
The bug fix triggered the problem :)
Sebastian
More information about the Pkg-openssl-devel
mailing list