[Pkg-rust-maintainers] Bug#1057096: rust-rsa: CVE-2023-49092: RUSTSEC-2023-0071: Marvin Attack: potential key recovery through timing sidechannels

Salvatore Bonaccorso carnil at debian.org
Sat Oct 26 08:12:47 BST 2024


Hi Daniel,

On Sat, Oct 26, 2024 at 02:05:22AM -0400, Daniel Kahn Gillmor wrote:
> Control: affects 1057096 + rsopv
> 
> On Wed 2023-11-29 17:27:15 +0100, Salvatore Bonaccorso wrote:
> > The following vulnerability was published for rust-rsa.
> >
> > CVE-2023-49092[0]:
> 
> My understanding is that we have other instances of the MARVIN attack
> available in debian which have not yet been solved.  Those other
> instances are *not* marked with an RC-critical severity.
> 
> For example, #1065683 is timing leakage for RSA decryption with
> libgcrypt, and #1068418 is timing leakage for RSA decryption with
> rust-openssl.  Both are severity: important, but 1057096 is severity:
> grave, which is keeping rust-rsa from migrating to testing.
> 
> I would also like to see sidechannel-resistant RSA more widely
> available, but i'm not sure what we gain from having the severity of
> this bug elevated beyond the severity of the other issues.  In practice,
> this is also keeping the non-affected parts of rust-rsa from being able
> to migrate.
> 
> For example, this severity means that rsopv (a Rust implementation of
> the signature-verification-only subset of the Stateless OpenPGP CLI)
> cannot migrate into testing. (i've marked this bug as Affects: rsopv to
> make this clear).  rsopv doesn't even implement RSA decryption.
> 
> Salvatore, would you object to setting the severity of this bug from
> "grave" to "important", in line with the other MARVIN-related bug
> reports?
> 
>   --dkg
> 
> PS I note that rust-rsa's upstream is indeed working on fixing this, but
>    it hasn't been released yet, and i don't know when it will be:

Thanks for asking. I can explain. Yes, the others are not at RC level;
the reason behind this was that the package is new and was not yet in a
stable release, so the aim was to have it without the issue in trixie, or not
in trixie at all.

I will not object if you plan to lower the severity, but it would have
been nice not to introduce the package into the trixie release, once stable,
with the issue.

Regards,
Salvatore
